PT-2021-18612 · Kaseya · Kaseya VSA

Wietse Boonstra · Published 2021-07-09 · Updated 2022-07-12 · CVE-2021-30120

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Kaseya VSA versions prior to 9.5.7

Description: The issue allows attackers to bypass the two-factor authentication (2FA) requirement. This is possible because the requirement to use 2FA is enforced client-side instead of server-side, so it can be bypassed with a local intercepting proxy. During the login process, after a user authenticates with username and password, the server sends a response to the client containing the booleans MFARequired and MFAEnroled. An attacker can use an intercepting proxy to change the value of MFARequired from True to False; the client then never prompts for the second factor, yet the user is still logged in.

Recommendations: For Kaseya VSA versions prior to 9.5.7, update to version 9.5.7 or later to resolve the issue. As a temporary workaround, consider implementing server-side enforcement of 2FA to prevent bypass attempts. Restrict access to the login process to minimize the risk of exploitation until the update is applied.
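To make the client-side versus server-side distinction concrete, here is an added example (not Kaseya's code, and not part of the original advisory) that models the two enforcement styles side by side. The user store, session table and TOTP check are constructed stubs; the response booleans mirror the page's MFARequired/MFAEnroled names, and simulate_proxy_tamper replays the response-rewriting scenario to show that only the session-state check refuses the half-authenticated token.

```python
import hmac
import secrets

# Constructed user store (not Kaseya's code): password and TOTP checks are stubbed as string compares.
USERS = {
    "alice": {"password": "correct horse", "mfa_enrolled": True, "totp": "492817"},
    "bob": {"password": "hunter2", "mfa_enrolled": False, "totp": None},
}
SESSIONS = {}  # token -> {"user": str, "mfa_verified": bool}

def login(username, password):
    """Password step. Returns (response dict, session token). The booleans mirror the page's
    MFARequired/MFAEnroled and are hints for the UI only; the server keeps its own state."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["password"], password):
        return {"ok": False}, None
    token = secrets.token_hex(16)
    # A user not enrolled in MFA is fully authenticated now; an enrolled one is only half-way.
    SESSIONS[token] = {"user": username, "mfa_verified": not user["mfa_enrolled"]}
    return {"ok": True, "MFARequired": user["mfa_enrolled"], "MFAEnroled": user["mfa_enrolled"]}, token

def verify_mfa(token, code):
    """Second-factor step; only a correct code flips the server-side flag."""
    s = SESSIONS.get(token)
    if s is None or code is None or not hmac.compare_digest(USERS[s["user"]]["totp"] or "", code):
        return False
    s["mfa_verified"] = True
    return True

def protected_vulnerable(token):
    """Client-side enforcement (the page's bug): the server only checks that the password step
    succeeded; whether the MFA prompt was ever shown is decided by the client from MFARequired."""
    return 200 if token in SESSIONS else 401

def protected_hardened(token):
    """Server-side enforcement: the session itself must record that the second factor was presented."""
    s = SESSIONS.get(token)
    if s is None:
        return 401
    return 200 if s["mfa_verified"] else 403

def simulate_proxy_tamper():
    """Replays the scenario on the page: an intercepting proxy rewrites MFARequired True -> False,
    so the client skips verify_mfa and goes straight to a protected resource."""
    resp, token = login("alice", "correct horse")
    resp["MFARequired"] = False          # the rewrite performed in transit
    if resp["MFARequired"]:              # client-side logic: prompt only if the server said so
        verify_mfa(token, "492817")
    return protected_vulnerable(token), protected_hardened(token)
```

The tampered flow returns (200, 403): the password-only check lets the session through, while the server-side flag still blocks it until verify_mfa succeeds.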


Weakness Enumeration

Related Identifiers

CVE-2021-30120

Affected Products

Kaseya VSA