What is the severity of CVE-2021-30120?

The severity of CVE-2021-30120 is considered critical due to its ability to bypass two-factor authentication.

How do I fix CVE-2021-30120?

To fix CVE-2021-30120, upgrade Kaseya VSA to version 9.5.7 or later.

What versions of Kaseya VSA are affected by CVE-2021-30120?

Kaseya VSA versions prior to 9.5.7 are affected by CVE-2021-30120.

What type of vulnerability is CVE-2021-30120?

CVE-2021-30120 is a vulnerability that allows attackers to bypass two-factor authentication.

Can CVE-2021-30120 be exploited remotely?

Yes, CVE-2021-30120 can potentially be exploited remotely through the login process using a local proxy.

Vulnerability/
CVE-2021-30120

critical

9.9

CWE

669

9/7/2021

3/8/2024

CVE-2021-30120: 2FA bypass in Kaseya VSA <= v9.5.6

First published: Fri Jul 09 2021(Updated: )

Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user authenticates with username and password, the server sends a response to the client with the booleans MFARequired and MFAEnroled. If the attacker has obtained a password of a user and used an intercepting proxy (e.g. Burp Suite) to change the value of MFARequered from True to False, there is no prompt for the second factor, but the user is still logged in.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Kaseya VSA	<=9.5.6

Remedy

https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/

Remedy

Upgrade to a version above 9.5.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-30120?
The severity of CVE-2021-30120 is considered critical due to its ability to bypass two-factor authentication.
How do I fix CVE-2021-30120?
To fix CVE-2021-30120, upgrade Kaseya VSA to version 9.5.7 or later.
What versions of Kaseya VSA are affected by CVE-2021-30120?
Kaseya VSA versions prior to 9.5.7 are affected by CVE-2021-30120.
What type of vulnerability is CVE-2021-30120?
CVE-2021-30120 is a vulnerability that allows attackers to bypass two-factor authentication.
Can CVE-2021-30120 be exploited remotely?
Yes, CVE-2021-30120 can potentially be exploited remotely through the login process using a local proxy.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/author
agent/remedy
agent/references
agent/last-modified-date
agent/title
agent/description
agent/first-publish-date
agent/event
agent/tags
agent/source
vendor/kaseya
canonical/kaseya vsa
version/kaseya vsa/9.5.6

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.