CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-41994

A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.7%

CVSS Severity

CVSS v3 Score 6.6

CVSS v2 Score 1.9

References

https://docs.pingidentity.com/bundle/pingid/page/ejd1642076304199.html
https://www.pingidentity.com/en/resources/downloads/pingid.html
https://docs.pingidentity.com/bundle/pingid/page/ejd1642076304199.html
https://www.pingidentity.com/en/resources/downloads/pingid.html

Products affected by CVE-2021-41994

Pingidentity » Pingid » Version: Any

cpe:2.3:a:pingidentity:pingid:*
Pingidentity » Pingid Windows Login » Version: N/A

cpe:2.3:a:pingidentity:pingid_windows_login:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41994

Products

Pricing

Contact Us