Recently reported SAML vulnerabilities: What you need to know as a Box customer

Box Employee

Box was recently notified of a SAML vulnerability, identified by security researchers, that threat actors could use to bypass primary authentication, potentially elevating permissions or impersonating privileged accounts.

Box's Security team has confirmed that our implementation of SAML was not vulnerable to this issue. We advise that customers review their own SAML implementations against the recommended US-CERT guidelines.