CVE-2021-41994

Опубликовано: 30 апр. 2022

Источник: nvd

CVSS3: 6.6

CVSS3: 4.8

CVSS2: 1.9

EPSS Низкий

Описание

A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.

Ссылки

https://docs.pingidentity.com/bundle/pingid/page/ejd1642076304199.html
Patch
Release Notes
Vendor Advisory
https://www.pingidentity.com/en/resources/downloads/pingid.html
Patch
https://docs.pingidentity.com/bundle/pingid/page/ejd1642076304199.html
Patch
Release Notes
Vendor Advisory
https://www.pingidentity.com/en/resources/downloads/pingid.html
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pingidentity:pingid:*:*:*:*:*:iphone_os:*:*

Версия до 1.19 (исключая)

cpe:2.3:a:pingidentity:pingid_windows_login:-:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00075

Низкий

6.6 Medium

CVSS3

4.8 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-310

CWE-330

Связанные уязвимости

GHSA-p2mw-hvw2-hhxv

CVSS3: 4.8

github

почти 4 года назад

A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.

EPSS

Процентиль: 23%

0.00075

Низкий

6.6 Medium

CVSS3

4.8 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-310

CWE-330