Lucene search

Ping IdentityCVELIST:CVE-2021-41995

HistoryJun 30, 2022 - 7:25 p.m.

CVE-2021-41995 PingID Mac Login prior to 1.1 vulnerable to pre-computed dictionary attacks

2022-06-3019:25:23

CWE-288

CWE-310

Ping Identity

www.cve.org

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.

CNA Affected

[
  {
    "platforms": [
      "macOS"
    ],
    "product": "PingID Mac Login",
    "vendor": "Ping Identity",
    "versions": [
      {
        "lessThan": "1.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

docs.pingidentity.com/bundle/pingid/page/hnh1653583508549.html

www.pingidentity.com/en/resources/downloads/pingid.html

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

Related for CVELIST:CVE-2021-41995