Home > Cyber News > CVE-2021-22057: 2FA Issue in VMware Workspace ONE Access
CYBER NEWS

CVE-2021-22057: 2FA Issue in VMware Workspace ONE Access

by   |  Last Update:  |  0 Comments  

CVE-2021-22057: 2FA Issue in VMware Workspace ONE Access
A new VMware vulnerability should be patched immediately to avoid any exploitation.

CVE-2021-22057 in VMware Workspace ONE Access

CVE-2021-22057 is a critical vulnerability in VMware Workspace ONE Access that specifically affects its two factor authentication (2FA) processing component.




Currently, little is known about the vulnerability. What is known is that a manipulation with an unknown input could lead to a weak authentication issue, according to Vulnerability Database. In terms of impact, CVE-2021-22057 can affect confidentiality, integrity, and availability.

Apparently, exploiting the flaw is trivial. Access to the local network and authentication are required for this attack to succeed. Currently, neither technical details nor an exploit regarding the vulnerability are publicly available. The good news is that applying the patch eliminates the flaw.

2FA Deemed Unsafe Years Ago

In February 2019, Metro Bank was in a sophisticated 2FA bypass attack that targeted the codes sent via text messages to customers to verify transactions. The bypass was possible after the hackers infiltrated the text messaging protocol of a telecommunications company.

As a matter of fact, 2FA was deemed unsafe back in 2016. Patented in 1984, 2FA provides identification of users based on the combination of two different components.

The various types of social engineering can easily trick the user into confirming their authentication codes. According to Nasir Memon, Computer Science professor at Tandon School of Engineering, the crook would simply need to ask the user for the official verification code.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. CVE-2022-31656: Critical VMware Authentication Bypass Vulnerability VMware recently released another set of patches addressing a number...
  2. Facebook 2FA Now Available via Authenticator Apps Facebook has finally introduced two-factor (2FA) authentication to users who...
  3. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  4. VMware Fixes Eight Serious Security Issues (CVE-2022-22954) VMware has fixed a total of eight security vulnerabilities in...
  5. CVE-2021-21985: Critical Flaw in VMware vCenter Needs Immediate Patching CVE-2021-21985 is a critical vulnerability in VMware vCenter that needs...
  6. VMware Discloses Critical Vulnerabilities CVE-2022-22951, CVE-2022-22952 Two new VMware vulnerabilities have been disclosed, CVE-2022-22951 and CVE-2022-22952,...
  7. CVE-2021-22005: VMware vCenter Flaw Could Be Exploited by Ransomware A new severe, arbitrary file upload VMware vCenter Server vulnerability,...
  8. RansomExx Gang Is Exploiting VMWare Bugs CVE-2019-5544, CVE-2020-3992 Ransomware operators are known to exploit various vulnerabilities, especially in...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree