Authenticator
CVE-2024-21390
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
Microsoft Authenticator Elevation of Privilege Vulnerability
AnalysisAI
Microsoft Authenticator Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Affected products include: Microsoft Authenticator.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Authenticator
View allAuthenticator is a browser extension that generates two-step verification codes. Rated high severity (CVSS 7.8), this vu
Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be
An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical a
SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a ma
pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for t
Microsoft Authenticator contains an information disclosure vulnerability that allows local attackers to access sensitive
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today