Direct attacks are also possible using techniques such as SQL injection and weak passwords can be easily guessed using brute force tactics.
Tag: Obfuscation
ShareFile : Application Specific password
You can access creation of application passwords underPersonal Settings > Personal Security > Two-Step Verification > Application Specific Passwords, using theCreate a Passwordbutton. On the new screen, you will be prompted to enter a label. This label will help you identify the app if you ever desire to revoke access to it. After clickingGenerate, click theCopybutton to copy the app-specific password to your clipboard. Next, Paste the new password into the password field of your app.
Related:
ShareFile Enterprise – UMT is unable to sync new users created in AD
The User must have the following AD attributes: username, password, and email address
Related:
Unable to login so how do I reset my ShareFile password?
ShareFile Password Policy Update
| IMPORTANT!Citrix issued a new password history requirement that you cannot reuse the previous 25 passwords on your account. |
Due to an increase in internet-account credential (username and password) theft, Citrix requires a password reset and will incorporate a regularly scheduled forced password reset into our normal operating procedures. This policy will be defined in a future update in collaboration with customers and Citrix Product Security.
Note:
If you do not have the ability to reset your password due to your company’s policy or you are an admin and need to reset a client or user’s password, see User Password Reset by Admin for more information.
Article topics:
Reset Your Password without Logging In
If you have forgotten your ShareFile account password, you can reset it from your ShareFile account login screen.
Important: ShareFile password reset uses the reCAPTCHA tool for verification. reCAPTCHA is not supported by Microsoft Edge. See ShareFile No Password Reset in Microsoft Edge for more information.
- Utilizing your ShareFile domain name, navigate to “yourdomain.sharefile.com” and click the Forgot password? link below the login button.
- Verify your identity.
- If you did not receive email with link to reset ShareFile password, refer article CTX240121 – Did Not Receive Email With Link to Reset ShareFile Password
- Complete the reCAPTCHA tool.
- If you are listed with multiple account choices, please refer article CTX239873 – Wrong Company Account After ShareFile Password Reset
- Click send.
- The ShareFile system will send you an email that contains a link to reset your password. This link will expire after 15 minutes. Each time you send a password reset, the previous reset link will expire.
- Enter a new password.
Note: If you come across error “You Do Not Have Permission to Change Password for the Below Account(s)”, refer article CTX239979 –ShareFile Error: “You Do Not Have Permission to Change Password for the Below Account(s)”
Change Your Password When Already Logged In
- Log in to your ShareFile account and click Settings > Personal Settings > Edit Profile
- Under Change Password, enter your old password prior to creating a new one.
- Click Save.
Related:
Forgot Admin Password – Console
I do not need a solution (just sharing information)
Hi all,
We forgot the admin password to login into the SEP 14 Manager! I tried to change pass with “Forgot your password?” but we not received the email to change the password.
Any ideas to restore my access to SEP manager?
Many Tks!
0
Related:
reset password for SEPM v.14
I need a solution
Can’t reset password for SEPM v.14.
Try to use “Forgot password”, but don’t receive mail to registered mail (see it in mailConfig.properties), but receive informational mails to this email from SEPM. Please, help me reset password.
0
Related:
None of Our Users Can Login to Their ShareFile Accounts
Use the Forgot password link on the ShareFile login page to request the password reset email. Refer to CTX208278 – How to Reset ShareFile Password for detailed instructions.
Citrix recently introduced a new password requirements policy and reset user passwords as a security measure.
If You are an Admin
If you are an administrator for your organization’s ShareFile account, you should be able to help other users reset their passwords. Follow the instructions at User Password Reset by Admin for more information.
Related:
Self-Service Portal Login Page Security
I do not need a solution (just sharing information)
Hello,
My organization is looking to enable the end-user VIP Self Service Portal url on our Symantec VIP agents so users can login with their Active Directory credentials and self-register/self-manage their hard and soft tokens. We’d like the url available from outside our network as business use-case dictates we require it, it will be integrated into our Active Directory where group policy is enforcing password and account lockout requirements. I have concerns regarding exposing a single-factor login form to the wild where anybody could test our Active Directory userids and passwords, not notably I’m worried about opening a new avenue that allows the ability to harvest credentials. The documentation provided doesn’t seem to reference enforcement of password/account lockout policies for the login page that would mitigate the risk (i.e. max incorrect password attempts, account locking, etc.). I’m wondering if AD password/account lockout group policy will apply for this login form when logins are attempted and/or if there are additional security features on the Symantec VIP agent side that would further mitigate risk? Thanks!
0
Related:
Citrix forces password reset to protect against credential stuffing
From https://www.citrix.com/blogs/2018/12/04/citrix-forces-password-reset-to-protect-against-credential-stuffing/
2018 has seen an unprecedented number of records breached by hackers. According to the Breach Level Index, in just the first half of 2018, more records were compromised than in all of 2017. The number of records compromised in 2018 is in the multi billions. It’s staggering. With the credentials harvested from these attacks, and the bad guys knowing that people will use the same password for multiple systems and websites, “credential stuffing” — a type of cyber-attack where stolen emails and passwords obtained through these types of breaches are used to try and gain unauthorized access to other systems — has become a serious threat facing businesses and individuals.
Late last week, not long after new high profile security breaches were revealed, in the course of our ongoing security monitoring, we saw incidences in ShareFile that had some of the characteristics of credential stuffing. After further analysis, we became very concerned that indeed perpetrators were using credentials obtained from breaches unrelated to ShareFile to attempt to gain access to individual accounts. We do not believe that this issue resulted from a compromise of our systems.
We made an immediate decision to limit the risk to our ShareFile customers by forcing a password reset. We knew the timing over the weekend was not ideal, but felt it far more important to help our customers by fundamentally stopping the credential stuffing effort. We acknowledge it has been inconvenient to customers, and regret the inconvenience, but we were acting in our customers’ best interests. It was the most expeditious way to end the attack, and proactively help our customer protect their data.
To be clear, if there is any misunderstanding, the users of the ShareFile service were experiencing a credential stuffing attack. We moved quickly and decisively to end it for the benefit of our users.
ShareFile supports multi-factor authentication, a security mechanism that requires more than one method of authentication (for instance a password and security code received as a SMS). We strongly recommend multi-factor authentication as a best practice, and it is an optional setting within ShareFile that administrators can turn-on.
In the interim, we are working to help our customers with their password resets, even bringing on extra help to process calls and tickets faster. We do point administrators to the support page first, which provides a wealth of direction and tips, as wait times for the help desk are lengthy at the moment but expected to improve. Please refer to the articles “Modify ShareFile Security Settings” https://support.citrix.com/article/CTX227767 which will assist you in Password Management, and “ShareFile Password Management” https://support.citrix.com/article/CTX208278 which will assist you with the Forgot Password functionality, which is needed to reset your password.
Related:
ShareFile Administrator is Locked Out, Unable to Login
Use the Forgot password link on the ShareFile login page to request the password reset email. Refer to CTX208278 – How to Reset ShareFile Password for detailed instructions.
Citrix recently introduced a new password requirements policy and reset user passwords as a security measure. You can find the new password requirements here: CTX240122 – Latest ShareFile Password Reset Frequency, Requirements and Policy
Reset Passwords for Users
As an admin, if you want to reset passwords for other users in your organization, refer to CTX239862 – User Password Reset by Admin .