CVE-2021-32077
N/A
N/A
Summary
Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are part of the supported combination of search selectors. This discloses doctors' and nurses' social security numbers and PII.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.veritystream.com/legacy/msow-solutions
- https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers
References
- https://www.veritystream.com/legacy/msow-solutions
- https://www.marbasec.com/blog/cve-2021-32077-fun-with-social-security-numbers
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.