6 matches found
CVE-2021-30120
creationtimestamp | type | source
---|---|---
2021-07-12 12:51:43+00:00 | exploited | https://t.me/truesecator/1905...
Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack
Florida-based software vendor Kaseya on Sunday rolled out urgent updates to address critical security vulnerabilities in its Virtual System Administrator (VSA) solution that was used as a jumping-off point to target as many as 1,500 businesses across the globe as part of a widespread supply-chain...
Kaseya VSA < 9.5.7a Multiple Vulnerabilities
The version of Kaseya VSA installed on the remote host is affected by multiple vulnerabilities as referenced in the vendor advisory:
- Credentials leak and business logic flaw. CVE-2021-30116
- Cross-Site Scripting vulnerability XSS. CVE-2021-30119
- 2FA Authentication bypass. CVE-2021-30120
Note...
CVE-2021-30120 2FA bypass in Kaseya VSA <= v9.5.6
Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication is enforced client-side instead of server-side and can be bypassed using a local proxy, thus rendering 2FA useless. Detailed description: During the login process, after the user...
CVE-2021-30120
Kaseya VSA 2FA bypass (CVE-2021-30120) affects VSA up to version 9.5.6, where after a valid username/password login the server’s response exposes MFARequired/MFAEnroled booleans and an intercepting proxy can flip MFARequired to False, bypassing 2FA and allowing login without a second factor. This...
VulnCheck KEV: CVE-2021-30120
Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication is enforced client-side instead of server-side and can be bypassed using a local proxy, thus rendering 2FA useless. Detailed description: During the login process, after the user...