VMware 2FA flaw can divulge that vital second credential to malicious actors

From theregister.com

VMware has warned users a flaw in its VMware Verify two-factor authentication product could allow a malicious actor with a first-factor authentication credential to obtain a second factor from its VMware Verify product.

CVE-2021-22057 is the rascal behind this issue and is rated 6.6/10. VMware Verify is part of the wider VMware Workspace ONE Access product, now available in version to fix this bug and a 5.5-rated Server Side Request Forgery that can allow a malicious actor with network access to make HTTP requests to arbitrary origins and read the full response

News of the two new flaws in WorkspaceONE came a day after VMware warned of a critical-rated flaw in the suite.

Read more…