Empowerid
Monthly
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in EmpowerID up to 7.205.0.0. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in EmpowerID up to 7.205.0.0. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.