CVE-2021-42001

PingID Desktop encryption libraries misconfiguration can lead to sensitive data exposure

CVSS 8 HIGHEPSS 0.5%CWE-310

PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

Ping Identity · PingID Desktop

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.pingidentity.com/bundle/pingid/page/dyt1645545885978.html https://www.pingidentity.com/en/resources/downloads/pingid.html