CVEDB API

A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.9%

CVSS Severity

CVSS v3 Score 7.7

CVSS v2 Score 1.9

References

Products affected by CVE-2021-41992

Pingidentity » Pingid Integration For Windows Login » Version: N/A

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:-
Pingidentity » Pingid Integration For Windows Login » Version: 1.0

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:1.0
Pingidentity » Pingid Integration For Windows Login » Version: 1.2

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:1.2
Pingidentity » Pingid Integration For Windows Login » Version: 1.3

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:1.3
Pingidentity » Pingid Integration For Windows Login » Version: 2.0

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.0
Pingidentity » Pingid Integration For Windows Login » Version: 2.1

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.1
Pingidentity » Pingid Integration For Windows Login » Version: 2.2

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.2
Pingidentity » Pingid Integration For Windows Login » Version: 2.3

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.3
Pingidentity » Pingid Integration For Windows Login » Version: 2.3.1

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.3.1
Pingidentity » Pingid Integration For Windows Login » Version: 2.4.2

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.4.2