Problem: An administrator on the AAF solution can view and recover an SMS OTP token upon its generation and sending to the MSISDN when debug mode is enabled. Since debug mode is enabled with a click of a button in the AAF Admin Console logs window, it is prone to human error, which can cause the SMS OTP to be displayed unintentionally. It enables the administrator to use the logs to access the SMS OTP token and could aid a fraudulent user in logging on to critical systems. With rising identity theft, easy access to the SMS OTP second factor by AAF administrators is a potential security risk and is inconsistent with the need-to-know security principle.
Potential Solution:
- Upon generation, the SMS OTP token should be masked (encrypted rather than shown in clear) by the integrated services, which use a decryption key to write the SMS OTP token to a secured database prior to delivery to the MSISDN.
- Create a new tab on the AAF Admin Console giving access to an audit trail. An administrator would apply for a special role/permission and, once approved by the data owner, would be able to view sensitive data (SMS OTP, etc.) on the new audit tab. This access should be attestable by the data owner.
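The following is an added example (not code from AAF or from the original request) sketching both points above: the debug log carries only an opaque reference and a keyed correlation tag, a redacting filter masks any six-digit value that reaches the logger by mistake, and the stored OTP can only be read back through an approval-gated call that writes an audit record whether the request is granted or denied. The key, the regex-based OTP policy, the in-memory vault and the approver/ticket rule are all assumptions made for the example; a deployment would keep the vault encrypted under a key-management service and enforce the approval in the Admin Console's role model.

```python
from __future__ import annotations

import hashlib
import hmac
import logging
import re
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed key for the keyed log-correlation tag. A deployment loads this from
# the platform's key store; it is hard-coded here only so the example runs offline.
LOG_TAG_KEY = b"constructed-demo-key-not-for-production"

# Hypothetical policy: any stand-alone 6-digit group on a log line is treated as an OTP.
OTP_PATTERN = re.compile(r"\b\d{6}\b")


class OtpRedactingFilter(logging.Filter):
    """Mask 6-digit values on every record before any handler sees it, so a
    debug-level line cannot carry the OTP in clear even if someone logs it."""

    def filter(self, record: logging.LogRecord) -> bool:
        if record.args:                       # render first so args are masked too
            record.msg = record.getMessage()
            record.args = ()
        record.msg = OTP_PATTERN.sub("******", str(record.msg))
        return True


class ListHandler(logging.Handler):
    """Keeps formatted lines in memory so the filter's effect can be inspected."""

    def __init__(self) -> None:
        super().__init__()
        self.lines: list[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def make_logger() -> tuple[logging.Logger, ListHandler]:
    logger = logging.getLogger("otp-demo-" + secrets.token_hex(4))
    logger.setLevel(logging.DEBUG)            # debug mode on, as in the reported scenario
    logger.propagate = False
    handler = ListHandler()
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(OtpRedactingFilter())    # logger-level filter: applies to every handler
    return logger, handler


def log_tag(otp: str) -> str:
    """Keyed, truncated HMAC of the OTP: lets an operator correlate a log line with
    a vault record without the log revealing the OTP (the key never leaves the service)."""
    return hmac.new(LOG_TAG_KEY, otp.encode(), hashlib.sha256).hexdigest()[:12]


def mask_msisdn(msisdn: str) -> str:
    """Keep only the last three digits of the subscriber number in logs."""
    return "*" * (len(msisdn) - 3) + msisdn[-3:]


@dataclass
class OtpVault:
    """Stands in for the secured OTP database. The only read path is reveal(), which
    requires an approver other than the requester plus a ticket reference and
    appends an audit record for granted and denied attempts alike."""
    records: dict[str, tuple[str, str]] = field(default_factory=dict)
    audit: list[dict] = field(default_factory=list)

    def store(self, msisdn: str, otp: str) -> str:
        ref = secrets.token_hex(8)            # opaque reference used in logs and the audit tab
        self.records[ref] = (msisdn, otp)
        return ref

    def reveal(self, ref: str, admin: str, approver: str | None, ticket: str | None) -> str:
        approved = bool(approver) and approver != admin and bool(ticket)
        self.audit.append({
            "at": datetime.now(timezone.utc).isoformat(),
            "ref": ref, "admin": admin, "approver": approver, "ticket": ticket,
            "outcome": "granted" if approved else "denied",
        })
        if not approved:
            raise PermissionError("OTP reveal needs an approver other than the requester and a ticket")
        return self.records[ref][1]


def issue_otp(msisdn: str, vault: OtpVault, logger: logging.Logger) -> tuple[str, str]:
    """Generate an OTP, store it, and log only the reference and keyed tag.
    Returns (ref, otp); the otp goes straight to the SMS delivery path, never to the log."""
    otp = f"{secrets.randbelow(10**6):06d}"
    ref = vault.store(msisdn, otp)
    logger.debug("OTP issued ref=%s tag=%s msisdn=%s", ref, log_tag(otp), mask_msisdn(msisdn))
    return ref, otp


if __name__ == "__main__":
    vault = OtpVault()
    logger, handler = make_logger()
    ref, otp = issue_otp("+447700900123", vault, logger)   # constructed subscriber number
    logger.debug("developer mistake: otp=%s", otp)         # masked by the filter
    print("\n".join(handler.lines))
    print("approved reveal matches:", vault.reveal(ref, "alice", "bob", "CHG-0001") == otp)
```

The correlation tag is deliberately a keyed HMAC rather than a plain hash: a six-digit OTP has only a million possible values, so an unkeyed digest in the log could be reversed by brute force. Reading the OTP back is kept on a single, audited path so that the Admin Console's audit tab has one source of truth for who saw which token, when, and on whose approval.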