CVE-2021-41994
First published: Sat Apr 30 2022(Updated: )
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
Credit: responsible-disclosure@pingidentity.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pingidentity Pingid | <1.19 | |
| Pingidentity Pingid Windows Login |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this PingID iOS app vulnerability?
The vulnerability ID is CVE-2021-41994.
What is the risk severity of CVE-2021-41994?
The risk severity of CVE-2021-41994 is medium with a severity value of 4.8.
How does the misconfiguration of RSA in the PingID iOS app prior to 1.19 make it vulnerable?
The misconfiguration makes it vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
Which software versions of the PingID iOS app are affected by CVE-2021-41994?
The versions affected are prior to 1.19.
Where can I find more information and resources about this vulnerability?
You can find more information and resources about this vulnerability in the PingID documentation and downloads page at the following links: [link1](https://docs.pingidentity.com/bundle/pingid/page/ejd1642076304199.html) and [link2](https://www.pingidentity.com/en/resources/downloads/pingid.html).