EmpowerID Authentication Bypass

CVE Category Price Severity
CVE-2021-30920 CWE-287 Not specified High
Author Risk Exploitation Type Date
X41 D-Sec GmbH High Remote 2023-08-02

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

EmpowerID Authentication Bypass
 Severity: High


An identified security flaw is present in EmpowerID versions V7.205.0.0 and prior versions, causing the system to mistakenly send Multi-Factor Authentication (MFA) codes to unintended email addresses. To exploit this vulnerability, an attacker would need to have access to valid and breached login details, including a username and password.

This vulnerability's root cause lies in insufficient verification of previously registered MFA during the process of delivering MFA codes. A bad actor possessing the correct login details for an EmpowerID user account can abuse this weakness by changing the email address associated with the user's account to an alternate one under their control. Consequently, the MFA codes that should be sent to the legitimate user are instead delivered to the malicious party's email.

By successfully taking advantage of this vulnerability, an attacker could circumvent MFA safeguards and potentially gain unpermitted access to the victim's account. Such a security breach could enable unauthorized activities, data breaches, or the exposure of confidential information within the impacted EmpowerID system.

Affected Versions:

  *   EmpowerID versions V7.205.0.0 and earlier.

Actions Performed:

EmpowerID has released a patch to version V7.205.0.1 and older versions, which addresses this vulnerability. EmpowerID has contacted customers which are known to use EmpowerID's MFA. It is highly recommended that all customers upgrade to the latest version immediately to mitigate the risk, or contact EmpowerID for patch details.

   Nirav Patel

   [signature_1232658466]    [email protected]<mailto:[email protected]>

   [signature_729000866] <>   [signature_2001009733] <>   [signature_1070999265] <>   [signature_679156352] <>

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.