CVE-2021-41993: PingID Android mobile application prior to 1.19 vulnerable to pre-computed dictionary attacks
First published: Sat Apr 30 2022(Updated: )
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
Credit: responsible-disclosure@pingidentity.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PingID | <1.19 | |
| Pingidentity Pingid Integration For Windows Login |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this misconfiguration in the PingID Android app?
The vulnerability ID for this misconfiguration in the PingID Android app is CVE-2021-41993.
What type of vulnerability is this?
This vulnerability is a misconfiguration vulnerability.
What is the severity of CVE-2021-41993?
The severity of CVE-2021-41993 is medium with a CVSS score of 4.8.
What is the affected software for CVE-2021-41993?
The affected software for CVE-2021-41993 is the PingID Android app prior to version 1.19 and PingID Windows Login.
How can the misconfiguration in the PingID Android app be exploited?
The misconfiguration in the PingID Android app can be exploited through pre-computed dictionary attacks, resulting in an offline MFA bypass when using PingID Windows Login.
- agent/references
- agent/type
- agent/weakness
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/author
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/pingidentity
- canonical/pingid
- canonical/pingidentity pingid integration for windows login