
Uber: Another rough ride by a bug that allows 2fa bypass – ‘not particularly severe’?

This story from scmagazine.com reports that a security researcher has discovered a flaw that would let hackers bypass two-factor authentication (2fa) and that has gone unpatched by the company.

Uber is struggling to move forward on cybersecurity, with most of its troubles of its own making, and this may be another rough ride for the company.

Just two months after the car-sharing service admitted concealing a breach that exposed sensitive information of 57 million clients and drivers, a security researcher found a flaw that could allow hackers to bypass two-factor authentication (2fa), which the company said was not a “particularly serious report.”

According to ZDNet’s report, Rob Fletcher, security engineering manager at Uber, also told security researcher Karan Saini that the vulnerability was “expected behavior.” Saini had reported the flaw to HackerOne, the company’s bug rewards program, which simply rejected it and marked it “informative.”

John Gunn, chief marketing officer at VASCO Data Security, said: “The double authentication of what was once considered ‘probable behavior’ must not be easily circumvented and is just as serious as a loophole. If they consider the failure of underlying security measures not serious, then you have to wonder what they think will be serious. Two-factor authentication is very secure if implemented properly, which is very easy.”

This flaw allows hackers to log in to an account using an email address and password, then bypass 2fa by entering a random code when prompted.

Craig Young, a computer security researcher at Tripwire’s Vulnerability and Exposure Research Group (VERT), said 2fa is “an important security control.” He explained: “Uber’s response means they are exploring different signals that they can use to decide when to verify an SMS code, and users should not expect to receive a 2FA code each time they log in. Without knowing the details of the technology, it is impossible to verify that there is a legitimate bug.”
