More and more companies, self-employed and private customers are using Boxcryptor to protect sensitive data – primarily in the cloud. Boxcryptor ensures that nobody but authorized persons have access to the data. Cloud providers and their staff, as well as potential hackers are reliably excluded. The audit verified whether this protection is guaranteed.

During the audit, Kudelski was given access to the source code of Boxcryptor for Windows and to the internal documentation.

“All these components were logically correct and did not show any significant weakness under scrutiny. It is important to note that the codebase we audited was not showing any signs of malicious intent.”

The goal of the audit

The goal of the audit was to give all interested parties an indirect insight into the software so that they can be sure that no backdoors or security holes are found in the code.

Robert Freudenreich, CTO of Boxcryptor, about the benefits of an audit: “For private users, Boxcryptor is a means of digital self-defense against curious third parties, for companies and organizations a way to achieve true GDPR compliance and complete control over business data. With software that is so security relevant, it is understandable that users want to be sure that the software is flawless.”

The audit process started at the beginning of May with short communication lines to the developers and managers in the Boxcryptor team. If Kudelski had found a serious security vulnerability, they would not have held it back until the final report, but would have reported the problem immediately.

The problem rated as medium is a part of the code that affects the connection to cloud providers using the WebDAV protocol. Theoretically, the operators of such cloud storage providers could have tried to inject code into Boxcryptor for Windows. In practice, however, this code was never used by Boxcryptor, so there was no danger for Boxcryptor users at any time. In response to the audit, this redundant part of the code was removed.

Two problems classified as “low” and further observations

One problem classified as low concerns the user password: to protect users with insecure passwords, it was suggested that passwords be hashed even more frequently and that the minimum password length be increased, which we implemented immediately. The second problem classified as low was theoretical and concerned the reading of the Boxcryptor configuration.

What is Boxcryptor

Boxcryptor is a flexible and scalable encryption software for the cloud, that supports more than 30 providers (including OneDrive, SharePoint and an integration in Microsoft Teams) as well as NAS encryption on all platforms. Under the surface, Boxcryptor keeps the encrypted files in virtual drives that are automatically created and can be of any size. Encrypted files have a green box added to the icon.