CVE-2021-42001 HIGH

CVE-2021-42001: PingID Desktop encryption libraries misconfiguration can lead to sensitive data exposure

Vendor: Ping Identity
Product: PingID Desktop
Weakness: CWE-310
Published: April 30, 2022
Last update: August 4, 2024

CVSS base score

8.0/10
Attack vector: Network
Attack complexity: High
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.

Key dates

02 Disclosure timeline

April 30, 2022: CVE published
August 4, 2024: Record updated

Related vulnerabilities

04 Related CVE