Vulnerabilities > CVE-2021-42001 - Unspecified vulnerability in Pingidentity Pingid Desktop

CVSS 9.9 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

pingidentity

critical

NVD

Published: 2022-04-30

Updated: 2023-07-17

Summary

PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.

Vulnerable Configurations

Part	Description	Count
Application	Pingidentity Pingidentity Pingid Desktop *	2

References

https://docs.pingidentity.com/bundle/pingid/page/dyt1645545885978.html
https://www.pingidentity.com/en/resources/downloads/pingid.html