EmpowerID 7.205.0.0 Authentication Bypass

2023.08.02
Credit: Nirav Patel
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Severity: High Description: An identified security flaw is present in EmpowerID versions V7.205.0.0 and prior versions, causing the system to mistakenly send Multi-Factor Authentication (MFA) codes to unintended email addresses. To exploit this vulnerability, an attacker would need to have access to valid and breached login details, including a username and password. This vulnerability's root cause lies in insufficient verification of previously registered MFA during the process of delivering MFA codes. A bad actor possessing the correct login details for an EmpowerID user account can abuse this weakness by changing the email address associated with the user's account to an alternate one under their control. Consequently, the MFA codes that should be sent to the legitimate user are instead delivered to the malicious party's email. By successfully taking advantage of this vulnerability, an attacker could circumvent MFA safeguards and potentially gain unpermitted access to the victim's account. Such a security breach could enable unauthorized activities, data breaches, or the exposure of confidential information within the impacted EmpowerID system. Affected Versions: * EmpowerID versions V7.205.0.0 and earlier. Actions Performed: EmpowerID has released a patch to version V7.205.0.1 and older versions, which addresses this vulnerability. EmpowerID has contacted customers which are known to use EmpowerID's MFA. It is highly recommended that all customers upgrade to the latest version immediately to mitigate the risk, or contact EmpowerID for patch details. [signature_889433285]<http://empowerid.com/> Nirav Patel [signature_1232658466] nirav.patel@empowerID.com<mailto:nirav.patel@empowerID.com> [signature_1909062425] www.empowerID.com<http://empowerid.com/> [signature_729000866] <http://www.youtube.com/user/empowerID> [signature_2001009733] <https://twitter.com/EmpowerID> [signature_1070999265] <https://www.facebook.com/220903377569> [signature_679156352] <https://www.linkedin.com/company/85780>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top