Home > Cyber News > CVE-2021-22057: 2FA Issue in VMware Workspace ONE Access

CVE-2021-22057: 2FA Issue in VMware Workspace ONE Access

CVE-2021-22057: 2FA Issue in VMware Workspace ONE Access
A new VMware vulnerability should be patched immediately to avoid any exploitation.

CVE-2021-22057 in VMware Workspace ONE Access

CVE-2021-22057 is a critical vulnerability in VMware Workspace ONE Access that specifically affects its two factor authentication (2FA) processing component.

Currently, little is known about the vulnerability. What is known is that a manipulation with an unknown input could lead to a weak authentication issue, according to Vulnerability Database. In terms of impact, CVE-2021-22057 can affect confidentiality, integrity, and availability.

Apparently, exploiting the flaw is trivial. Access to the local network and authentication are required for this attack to succeed. Currently, neither technical details nor an exploit regarding the vulnerability are publicly available. The good news is that applying the patch eliminates the flaw.

2FA Deemed Unsafe Years Ago

In February 2019, Metro Bank was in a sophisticated 2FA bypass attack that targeted the codes sent via text messages to customers to verify transactions. The bypass was possible after the hackers infiltrated the text messaging protocol of a telecommunications company.

As a matter of fact, 2FA was deemed unsafe back in 2016. Patented in 1984, 2FA provides identification of users based on the combination of two different components.

The various types of social engineering can easily trick the user into confirming their authentication codes. According to Nasir Memon, Computer Science professor at Tandon School of Engineering, the crook would simply need to ask the user for the official verification code.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree