Resolving a DNS Poisoning Attack in Box Edit

Box Edit has a vulnerability in which an attacker who is able to compromise a user's DNS resolution could steal tokens granting read access to portions of that user's Box account. To exploit it, the attacker must cause the domain edit.boxlocalhost.com, which Box owns and which normally resolves to 127.0.0.1 (the local machine), to resolve instead to the address of a machine the attacker controls.

If you have received a warning that your Box Edit connection may have been compromised, submit a support case immediately by clicking this link: Submit a Case

Our User Services team will respond shortly. In the meantime, here are a few steps you can take to ensure your files remain secure: 

Disable Box Edit

Enterprise Admins can disable Box Edit from the Apps tab of Enterprise Settings in the Admin Console by searching for the Box Edit app and setting it to disabled (image below). Enterprises with Box Edit disabled are not exposed to this vulnerability, since the browser never talks to the local Box Edit component.
[Screenshot: the Box Edit app set to Disabled under Admin Console > Enterprise Settings > Apps]

Update the HOSTS file

For machines under enterprise control, the HOSTS file can be updated to map the hostname edit.boxlocalhost.com to 127.0.0.1. On default resolver configurations the local hosts file is consulted before DNS, so this fully mitigates the issue on that machine while allowing continued use of Box Edit. Its limitation is that the protection is per machine: Box Edit used from a non-managed machine whose HOSTS file has not been updated remains vulnerable.
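
The HOSTS file mitigation above, as an added example that is not Box's own tooling: a POSIX shell script that pins edit.boxlocalhost.com to 127.0.0.1 in a given hosts file without duplicating an existing entry, and classifies whatever addresses this machine currently resolves the name to, which doubles as a quick check for the poisoning described at the top of the page. The hosts-file paths and resolver commands it mentions are assumptions about standard platforms, not taken from the article.

```shell
#!/bin/sh
# Added example, not Box's own tooling: pin edit.boxlocalhost.com to 127.0.0.1
# in a hosts file and check what the name currently resolves to.
# Hosts-file locations (assumed, standard for each platform):
#   Linux/macOS: /etc/hosts
#   Windows:     C:\Windows\System32\drivers\etc\hosts
NAME="edit.boxlocalhost.com"
LOOPBACK="127.0.0.1"

# Return 0 if the hosts file ($1) already maps the name to 127.0.0.1.
# Accepts "127.0.0.1 [other names] edit.boxlocalhost.com", case-insensitive,
# and ignores anything after a '#' comment marker.
hosts_is_pinned() {
    grep -Ei "^[[:space:]]*127\.0\.0\.1[[:space:]]+([^#]*[[:space:]])?edit\.boxlocalhost\.com([[:space:]]|\$)" \
        "$1" >/dev/null 2>&1
}

# Append the pin to the hosts file ($1) only if it is missing; safe to re-run.
pin_hosts_entry() {
    if ! hosts_is_pinned "$1"; then
        printf '%s\t%s\n' "$LOOPBACK" "$NAME" >> "$1"
    fi
}

# Return 0 only for loopback addresses, the sole legitimate answer for this name.
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *)         return 1 ;;
    esac
}

# Classify resolved addresses passed as arguments: prints "ok" when every
# address is loopback, "SUSPECT <addr>" for the first non-loopback one,
# and "no answer" when nothing resolved at all.
check_resolution() {
    [ "$#" -gt 0 ] || { echo "no answer"; return 2; }
    for addr in "$@"; do
        if ! is_loopback "$addr"; then
            echo "SUSPECT $addr"
            return 1
        fi
    done
    echo "ok"
}

# Live check through this machine's full resolver (hosts file, then DNS)
# using getent, which is available on Linux. On macOS use
#   dscacheutil -q host -a name edit.boxlocalhost.com
# and on Windows
#   ping -n 1 edit.boxlocalhost.com
# (nslookup queries the DNS server directly and skips the hosts file).
live_check() {
    command -v getent >/dev/null 2>&1 || { echo "getent not found" >&2; return 2; }
    addrs=$(getent ahosts "$NAME" | awk '{print $1}' | sort -u)
    # shellcheck disable=SC2086  # word-splitting into separate addresses is intended
    check_resolution $addrs
}
```

Run `pin_hosts_entry /etc/hosts` as root (or edit the Windows hosts file as Administrator and run `ipconfig /flushdns`), then `live_check`: any output other than `ok` means the name is currently resolving somewhere other than this machine and the Box Edit connection should be treated as suspect until the cause is found.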

Long term solution

A long term solution has been designed and is currently being developed.

Version history: revision 7 of 7, last updated 07-14-2017 12:25 PM.