PT-2021-3261 · Unknown · Veritystream Msow Solutions

Marbaṩ

Published: 2021-04-29 · Updated: 2022-07-12 · CVE-2021-32077

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

VerityStream MSOW Solutions versions prior to 3.1.1

Description

The issue allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a search field. This is because the last four SSN digits are part of the supported combination of search selectors, which can disclose doctors' and nurses' social security numbers and personally identifiable information (PII). The vulnerability is related to insufficient protection of service data in the registration and authentication system.

Recommendations

For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the search field to minimize the risk of exploitation. Additionally, limit the use of SSN digits as part of the search selectors to prevent brute-force attacks.
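
One way to spot the enumeration pattern described above in web access logs while the search field is still exposed (an added example, not VerityStream's code and not part of the original advisory). The log layout, the `/search` path, the `ssn_last4` parameter name and the threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

PARAM = "ssn_last4"            # hypothetical name of the last-four-digits selector
WINDOW = timedelta(minutes=5)  # assumed sliding window
THRESHOLD = 5                  # assumed: distinct values per client per window

def parse_line(line):
    """Parse '<ISO time> <client ip> <method> <request target>' (assumed layout).
    Returns (time, client, last4), or None if the line is not a last-4 search."""
    try:
        ts, client, _method, target = line.split(maxsplit=3)
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    values = parse_qs(urlsplit(target).query).get(PARAM, [])
    if not values:
        return None
    v = values[0]
    if not (v.isascii() and v.isdigit() and len(v) == 4):
        return None
    return when, client, v

def find_enumerators(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {client: peak count of distinct last-4 values in one window}
    for every client that reached the threshold."""
    recent = defaultdict(deque)  # client -> (time, last4) pairs still in window
    flagged = {}
    for when, client, last4 in sorted(filter(None, map(parse_line, lines))):
        q = recent[client]
        q.append((when, last4))
        while when - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = len({v for _, v in q})
        if distinct >= threshold:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged

# Constructed sample: one client repeats a single value, another walks through six.
SAMPLE = [
    "2024-01-01T10:00:00 198.51.100.4 GET /search?last_name=Doe&ssn_last4=1234",
    "2024-01-01T10:01:00 198.51.100.4 GET /search?last_name=Doe&ssn_last4=1234",
    "2024-01-01T10:30:00 198.51.100.4 GET /search?last_name=Roe&ssn_last4=5678",
] + [
    f"2024-01-01T10:00:{i:02d} 203.0.113.7 GET /search?last_name=Doe&ssn_last4={i:04d}"
    for i in range(1, 7)
]

if __name__ == "__main__":
    print(find_enumerators(SAMPLE))
```

Counting distinct values rather than raw requests keeps a user who retries the same lookup from being flagged, while a client stepping through the four-digit space stands out quickly.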

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

BDU:2021-02995
CVE-2021-32077

Affected Products

Veritystream Msow Solutions