Lucene search

K
cvePing IdentityCVE-2021-41993
HistoryApr 30, 2022 - 10:15 p.m.

CVE-2021-41993

2022-04-3022:15:08
CWE-330
CWE-310
Ping Identity
web.nvd.nist.gov
66
cve-2021-41993
pingid
rsa
android app
pre-computed dictionary attacks
mfa bypass
security vulnerability

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.6

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

AI Score

5.1

Confidence

High

EPSS

0

Percentile

12.6%

A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.

Affected configurations

Nvd
Node
pingidentitypingidRange<1.19android
OR
pingidentitypingid_windows_loginMatch-
VendorProductVersionCPE
pingidentitypingid*cpe:2.3:a:pingidentity:pingid:*:*:*:*:*:android:*:*
pingidentitypingid_windows_login-cpe:2.3:a:pingidentity:pingid_windows_login:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "platforms": [
      "Android"
    ],
    "product": "PingID Mobile Application",
    "vendor": "Ping Identity",
    "versions": [
      {
        "lessThan": "1.19",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.6

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

AI Score

5.1

Confidence

High

EPSS

0

Percentile

12.6%

Related for CVE-2021-41993