PT-2021-20361 · Mobileiron · Mobileiron Mobile@Work

Published 2021-03-29 · Updated 2021-04-06 · CVE-2021-3391

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: MobileIron Mobile@Work through 2021-03-22
Description: The issue allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message.
Recommendations: For MobileIron Mobile@Work through 2021-03-22, consider restricting access to the login functionality to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the number of failed login attempts to prevent attackers from distinguishing among account types.
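
The following sketch is an added illustration, not MobileIron code and not part of the original advisory. It models failed logins only and contrasts a handler whose lockout behaviour depends on account state with one that counts and locks out identically for every submitted username. The account names, per-state thresholds and response strings are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample directory; any other username is treated as nonexistent.
ACCOUNTS = {"alice": "valid", "bob": "disabled"}
MAX_FAILURES = 5  # assumed policy value, not taken from the advisory


class LeakyLogin:
    """Lockout depends on account state: the class of flaw described above."""
    # Constructed thresholds; None means a Lockout message is never returned.
    THRESHOLDS = {"valid": 5, "disabled": 1, "nonexistent": None}

    def __init__(self):
        self.failures = defaultdict(int)

    def attempt(self, username):
        state = ACCOUNTS.get(username, "nonexistent")
        self.failures[username] += 1
        limit = self.THRESHOLDS[state]
        if limit is not None and self.failures[username] >= limit:
            return "Lockout"
        return "Invalid credentials"


class UniformLogin:
    """Same counter, threshold and message for every submitted username."""

    def __init__(self):
        self.failures = defaultdict(int)

    def attempt(self, username):
        # Count before any account lookup so account state cannot alter the path.
        self.failures[username] += 1
        if self.failures[username] >= MAX_FAILURES:
            return "Lockout"
        return "Invalid credentials"


def attempts_until_lockout(handler, username, cap=20):
    """Failed attempts needed before 'Lockout' appears, or None within cap."""
    for n in range(1, cap + 1):
        if handler.attempt(username) == "Lockout":
            return n
    return None


def lockout_profile(handler_cls):
    """Attempts-to-lockout per account state; identical values leak nothing."""
    return {name: attempts_until_lockout(handler_cls(), name)
            for name in ("alice", "bob", "nobody")}
```

`lockout_profile` doubles as a regression check: run against a login handler in a test environment, any difference between the three values indicates the account state is observable. A production counter keyed by arbitrary usernames also needs expiry and a size bound.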


Related Identifiers

CVE-2021-3391

Affected Products

Mobileiron Mobile@Work