2 matches found
CVE-2021-42791
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified...
CVE-2021-42791
The CVE-2021-42791 entry concerns VeridiumID VeridiumAD 2.5.3.0. The vulnerability is an access-control gap in the HTTP trigger for push notifications: an attacker can trigger notifications for other enrolled users, and the notification text can be altered. If the notification recipient accepts, ...