Misconfiguration in Encryption Libraries in PingID Desktop Prior to 1.7.3: Sensitive Data Exposure and MFA Bypass

CVE-2021-42001 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries that can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.
