VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware workspace_one_access 20.10 |
||
vmware workspace_one_access 21.08 |
||
vmware workspace_one_access 20.10.0.1 |
||
vmware workspace_one_access 21.08.0.1 |
Get our weekly newsletter Plus: Deep dive into the NSO Group's zero-click exploit and 'Hack the DHS!'
In Brief VMware has warned users a flaw in its VMware Verify two-factor authentication product could allow a malicious actor with a first-factor authentication credential to obtain a second factor from its VMware Verify product. CVE-2021-22057 is the rascal behind this issue and is rated 6.6/10. VMware Verify is part of the wider VMware Workspace ONE Access product, now available in version 21.08.0.1 to fix this bug and a 5.5-rated Server Side Request Forgery that can allow a malicious actor wit...