Lim Jing Qiang

Researcher fromCentre for Strategic Infocomm Technologies (CSIT)
#9797of 53,633
28.2Total CVSS
Vulnerabilities · 4
Medium
3
Critical
1
PT-2024-13167
6.5
2024-04-03
Veridium · Veridiumid · CVE-2023-44038
**Name of the Vulnerable Software and Affected Versions** VeridiumID versions prior to 3.5.0 **Description** The issue allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack on the identity provider page. **Recommendations** For versions prior to 3.5.0, update to version 3.5.0 or later to resolve the issue.
PT-2024-13168
9.1
2024-04-03
Veridium · Veridiumid · CVE-2023-44039
**Name of the Vulnerable Software and Affected Versions** VeridiumID versions prior to 3.5.0 **Description** The issue allows an internal unauthenticated attacker, who can pass enrollment verifications and is allowed to enroll a FIDO key, to register their FIDO authenticator to a victim's account, consequently taking over the account. This is related to the WebAuthn API. **Recommendations** For versions prior to 3.5.0, update to version 3.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebAuthn API or limiting the ability to enroll new FIDO keys to prevent potential account takeovers.
PT-2024-13169
6.1
2024-04-03
Veridium · Veridiumid · CVE-2023-44040
**Name of the Vulnerable Software and Affected Versions** VeridiumID versions prior to 3.5.0 **Description** The issue concerns a cross-site scripting (XSS) vulnerability in the identity provider page. This vulnerability can be exploited by an internal unauthenticated attacker to execute JavaScript in the context of the user trying to authenticate. **Recommendations** For versions prior to 3.5.0, update to version 3.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the identity provider page to minimize the risk of exploitation.
PT-2024-13251
6.5
2024-04-03
Veridium · Veridiumid · CVE-2023-45552
**Name of the Vulnerable Software and Affected Versions** VeridiumID versions prior to 3.5.0 **Description** A stored cross-site scripting issue has been found in the admin portal of the affected software. This allows an authenticated attacker to potentially take over all accounts by sending malicious input via the self-service portal. **Recommendations** For versions prior to 3.5.0, update to version 3.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin portal and self-service portal to minimize the risk of exploitation.