CVE-2021-42001
PingID Desktop encryption libraries misconfiguration can lead to sensitive data exposure
Severity Score
9.9
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.
PingID Desktop versiones anteriores a 1.7.3, presenta una configuración errónea en las bibliotecas de cifrado que puede conllevar a una exposición de datos confidenciales. Un atacante capaz de explotar esta vulnerabilidad puede ser capaz de completar con éxito un desafío MFA por medio de OTP
*Credits:
Ping Identity credits The Commonwealth Bank of Australia for the discovery of this vulnerability.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-10-04 CVE Reserved
- 2022-04-30 CVE Published
- 2023-11-21 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.pingidentity.com/en/resources/downloads/pingid.html | 2023-07-17 |
| URL | Date | SRC |
|---|---|---|
| https://docs.pingidentity.com/bundle/pingid/page/dyt1645545885978.html | 2023-07-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Pingidentity Search vendor "Pingidentity" | Pingid Desktop Search vendor "Pingidentity" for product "Pingid Desktop" | < 1.7.3 Search vendor "Pingidentity" for product "Pingid Desktop" and version " < 1.7.3" | mac_os_x |
Affected
| ||||||
| Pingidentity Search vendor "Pingidentity" | Pingid Desktop Search vendor "Pingidentity" for product "Pingid Desktop" | < 1.7.3 Search vendor "Pingidentity" for product "Pingid Desktop" and version " < 1.7.3" | windows |
Affected
| ||||||