Imperva Cyber Community

 View Only
  • 1.  Login Protect question

    Posted 04-05-2022 18:21
    My compliance people are complaining that when Login Protect presents the 'We need to verify your identity' that a user could in put in any login protect registered users email, that this isn't tied to the user that is logged in and trying to view a protected area. For example, say Alice hacks Bobs account, and both Alice and Bob have valid Login Protect accounts set up. Alice could log in to Bobs account and when presented with the Imperva challenge and asked to verify her identity, she could enter her email address, not Bobs, and gain access to Bob's data. 

    My question is, is there anyway to pre-condition the identity verification dialog to set Bob's email address, read only, in the verification dialog? 
    For example, the application, before going to the protected area, could plant a cookie that Imperva could read to pre-set Bob's email address.

    Is there a solution to this issue?

    thanks Dave
    #CloudWAF(formerlyIncapsula)

    ------------------------------
    Dave Correia
    VP Development
    Concord CA
    ------------------------------


  • 2.  RE: Login Protect question

    Posted 04-14-2022 12:54

    Hi Dave, 

    I checked with our product team and there are currently no plans to work on this in 2022. Maybe someone on here has a work around?

    In the meantime, I recommend you raise this as a Feature Request on User Voice.

    Thanks,



    ------------------------------
    Sarah Lamont(csp)
    Digital Community Manager
    ------------------------------