What is the severity of CVE-2021-42791?

CVE-2021-42791 is classified as a high severity vulnerability due to the potential for unauthorized push notification access.

How do I fix CVE-2021-42791?

To fix CVE-2021-42791, ensure that proper access control measures are implemented to restrict push notification requests to authorized users.

What impact does CVE-2021-42791 have on user security?

CVE-2021-42791 allows an attacker to send unauthorized push notifications to any user, compromising user privacy and potentially spreading misinformation.

Is CVE-2021-42791 specific to any version of VeridiumAD?

Yes, CVE-2021-42791 specifically affects VeridiumAD version 2.5.3.0.

Can CVE-2021-42791 be exploited remotely?

Yes, CVE-2021-42791 can be exploited remotely as it involves HTTP requests that do not require authentication for triggering notifications.

Vulnerability/
CVE-2021-42791

high

7.3

CWE

444

28/1/2022

4/8/2024

CVE-2021-42791

First published: Fri Jan 28 2022(Updated: 8 months ago)

An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. If a user who receives the notification accepts it, then the user who triggered the notification can obtain the accepting user's login certificate.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
VeridiumID	=2.5.3.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-42791?
CVE-2021-42791 is classified as a high severity vulnerability due to the potential for unauthorized push notification access.
How do I fix CVE-2021-42791?
To fix CVE-2021-42791, ensure that proper access control measures are implemented to restrict push notification requests to authorized users.
What impact does CVE-2021-42791 have on user security?
CVE-2021-42791 allows an attacker to send unauthorized push notifications to any user, compromising user privacy and potentially spreading misinformation.
Is CVE-2021-42791 specific to any version of VeridiumAD?
Yes, CVE-2021-42791 specifically affects VeridiumAD version 2.5.3.0.
Can CVE-2021-42791 be exploited remotely?
Yes, CVE-2021-42791 can be exploited remotely as it involves HTTP requests that do not require authentication for triggering notifications.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/references
agent/weakness
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/veridiumid
canonical/veridiumid
version/veridiumid/2.5.3.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.