CVE-2021-42001: PingID Desktop encryption libraries misconfiguration can lead to sensitive data exposure
First published: Sat Apr 30 2022(Updated: )
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.
Credit: responsible-disclosure@pingidentity.com responsible-disclosure@pingidentity.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pingidentity Pingid Desktop | <1.7.3 | |
| Pingidentity Pingid Desktop | <1.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-42001?
CVE-2021-42001 is a vulnerability in PingID Desktop prior to version 1.7.3 that allows for sensitive data exposure.
How severe is CVE-2021-42001?
CVE-2021-42001 has a severity rating of critical with a value of 9.9.
What is the affected software for CVE-2021-42001?
The affected software for CVE-2021-42001 is PingID Desktop prior to version 1.7.3.
How can CVE-2021-42001 be exploited?
An attacker capable of exploiting CVE-2021-42001 may be able to successfully complete an MFA challenge via OTP.
Where can I find more information about CVE-2021-42001?
You can find more information about CVE-2021-42001 in the PingID Desktop documentation and downloads page.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- vendor/pingidentity
- canonical/pingidentity pingid desktop