Vulnerability Details CVE-2023-44039
In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker (who can pass enrollment verifications and is allowed to enroll a FIDO key) to register their FIDO authenticator to a victim’s account and consequently take over the account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.9%
CVSS Severity
CVSS v3 Score 9.1
References
- https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement
- https://veridiumid.com/veridium-id-authentication-platform/
- https://docs.veridiumid.com/docs/v3.5/security-advisory#id-%28v3.52%29SecurityAdvisory-Acknowledgement
- https://veridiumid.com/veridium-id-authentication-platform/
Products affected by CVE-2023-44039
-
cpe:2.3:a:veridiumid:veridiumad:-
-
cpe:2.3:a:veridiumid:veridiumad:2.5.3.0
-
cpe:2.3:a:veridiumid:veridiumad:2.5.7.0