CVE-2021-42001

PingID Desktop encryption libraries misconfiguration can lead to sensitive data exposure

CVSS 8 HIGHEPSS 0.5%CWE-310

PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Productos afectados

Ping Identity · PingID Desktop

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://docs.pingidentity.com/bundle/pingid/page/dyt1645545885978.html https://www.pingidentity.com/en/resources/downloads/pingid.html