CVE-2021-41993

Summary

A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.

Affected Software

VendorProductVersion RangeStatus
Ping IdentityPingID Mobile Applicationunspecified < 1.19affected

Weaknesses

  • CWE-310: CWE-310 Cryptographic Issues

ADP Enrichment

CVE Program Container

Additional References

References