PT-2022-11528 · Ping Identity · Pingid Desktop
Published: 2022-04-30 · Updated: 2023-07-17 · CVE-2021-42001
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PingID Desktop versions prior to 1.7.3
Description
The issue is related to a misconfiguration in the encryption libraries of PingID Desktop, which can lead to sensitive data exposure. An attacker capable of exploiting this issue may be able to successfully complete a Multi-Factor Authentication (MFA) challenge via One-Time Password (OTP).
Recommendations
For versions prior to 1.7.3, update to version 1.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and MFA challenges until the update is applied.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Pingid Desktop