CVE-2021-42791

CVSS 7.3 (HIGH)

📋 TL;DR

VeridiumID VeridiumAD 2.5.3.0 lets any authenticated user send a login push notification to any other user and control the text shown in that prompt. The server does not check that the requester is the user being prompted, so an attacker can word the prompt convincingly (for example as a routine IT request) and, if the victim accepts it, obtain the victim's login certificate and sign in as them. Every deployment running 2.5.3.0 is affected.

💻 Affected Systems

Products:
  • VeridiumID VeridiumAD
Versions: 2.5.3.0
Operating Systems: Not stated in the advisory; VeridiumAD is deployed alongside Microsoft Active Directory, typically on Windows Server
Default Config Vulnerable: ⚠️ Yes
Notes: Affects VeridiumAD deployments integrated with Microsoft Active Directory for enterprise authentication.

📦 What is this software?

VeridiumID is an enterprise authentication platform; VeridiumAD is its integration with Microsoft Active Directory. In the flow this advisory concerns, a sign-in is approved by the user accepting a push notification on their enrolled device, and that approval yields a login certificate for the user's AD identity. The push prompt is therefore the security decision point, which is why letting another user trigger and reword it matters.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker who persuades enough users to tap Accept obtains a login certificate for each of them, including privileged accounts, giving full account takeover and a path to lateral movement across everything that trusts VeridiumAD for authentication. Each certificate still requires its victim to accept a prompt, so the worst case scales with how convincing the attacker-controlled text is.

🟠

Likely Case

Targeted attacks against a few high-value users: the attacker, holding any ordinary account, sends a prompt timed to coincide with the victim's normal sign-in and worded to look legitimate, then uses the resulting certificate to access systems protected by VeridiumAD.

🟢

If Mitigated

With the authorization check in place, the server binds each push to the authenticated requester and does not accept caller-supplied text, so a user can only prompt themselves and the credential-theft path is closed.

🌐 Internet-Facing: MEDIUM - The vulnerability requires authenticated access, but if the system is internet-facing, attackers could exploit it after obtaining any valid user credentials.
🏢 Internal Only: HIGH - In internal deployments, any malicious insider or compromised account could exploit this to steal credentials from other users.
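The authorization failure behind this finding, shown as an added illustration rather than VeridiumAD code: the request shape, the `user` and `text` body fields, the session model and the prompt template are all assumptions. The vulnerable handler takes both the target and the notification text from the caller; the hardened one derives the target from the authenticated session and refuses client-supplied text outright so the attempt can be logged.

```python
"""Illustrative model of the flaw in CVE-2021-42791 (added example, not vendor code).

The real VeridiumAD request format is not shown on this page; the field names,
session model and prompt template below are assumptions used to contrast the
two handler designs.
"""
from dataclasses import dataclass


@dataclass
class PushRequest:
    session_user: str   # principal the server authenticated (assumed model)
    body: dict          # JSON body as sent by the client (assumed fields)


@dataclass
class PushNotification:
    target_user: str
    text: str


class PushDenied(Exception):
    """Raised when a push request fails authorization."""


# Server-owned prompt text; the client never gets to choose it (assumed template).
LOGIN_PROMPT = "Approve sign-in for {user}?"


def vulnerable_push(req: PushRequest) -> PushNotification:
    """Pattern the advisory describes: target user and text both come from the client.

    Nothing ties req.body["user"] to the authenticated session, so any user
    can prompt any other user with arbitrary wording.
    """
    return PushNotification(target_user=req.body["user"], text=req.body["text"])


def hardened_push(req: PushRequest) -> PushNotification:
    """Target is the authenticated principal; text is a server template.

    A mismatched target or any client-supplied text is rejected rather than
    silently corrected, so the attempt surfaces as a denied request in logs.
    """
    requested = req.body.get("user", req.session_user)
    if requested != req.session_user:
        raise PushDenied(f"{req.session_user} may not push to {requested}")
    if "text" in req.body:
        raise PushDenied("client-supplied notification text is not accepted")
    return PushNotification(
        target_user=req.session_user,
        text=LOGIN_PROMPT.format(user=req.session_user),
    )


if __name__ == "__main__":
    attacker = PushRequest("mallory", {"user": "alice", "text": "IT: approve to keep your account"})
    print("vulnerable:", vulnerable_push(attacker))
    try:
        hardened_push(attacker)
    except PushDenied as e:
        print("hardened:", e)
```

The check that matters is the comparison against `session_user`: the fix is not input validation on the text but refusing to let the target be a request parameter at all.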

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: Unknown
Unauthenticated Exploit: ❌ No
Complexity: LOW

Exploitation requires a valid account (any user, not an administrator) but is otherwise straightforward: one crafted push request per target with attacker-chosen text, followed by the victim tapping Accept. No public proof of concept is referenced on this page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5.4.0 or later (confirm the fixed release with Veridium before planning the upgrade)

Vendor Advisory: https://www.veridiumid.com/security-advisories/

Restart Required: Yes

Instructions:

1. Download the latest VeridiumAD version from Veridium's official portal.
2. Back up the current configuration.
3. Install the update following the vendor's instructions.
4. Restart the VeridiumAD services.
5. Verify that authentication still works and that the version reported is the fixed release.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Limit which hosts and networks can reach the VeridiumAD API and management interfaces. This reduces exposure but does not remove the flaw: the push request is made by an ordinary authenticated user, so anyone who can still reach the service can exploit it.

Enhanced Monitoring (all platforms)

Alert on pushes whose target differs from the requesting account, on notification text that deviates from the server's standard prompt, and on bursts of pushes from a single account.

🧯 If You Can't Patch

  • Implement strict network access controls to limit which users and hosts can reach VeridiumAD endpoints
  • Enable detailed logging for push notification requests, alert on cross-user or reworded prompts, and investigate any suspicious patterns
  • Tell users to reject any sign-in prompt they did not initiate, and to report it; an unexpected prompt is the attack in progress, and a Reject closes it

🔍 How to Verify

Check if Vulnerable:

Check the VeridiumAD version in the administration console, or from the command line if your deployment provides a version command (the 'veridiumad --version' form shown below is not confirmed by vendor documentation). If the version is 2.5.3.0, the system is vulnerable.

Check Version:

veridiumad --version

Verify Fix Applied:

After patching, confirm the version is 2.5.4.0 or later. Then test with two ordinary (non-administrator) accounts: from account A, attempt to trigger a push for account B, and attempt a push with modified text. Both requests should be rejected by the server, and the rejection should appear in the logs.

📡 Detection & Monitoring

Log Indicators:

  • Multiple push notification requests from single user ID
  • Push notifications triggered for users other than the requester
  • Modified notification text in logs

Network Indicators:

  • HTTP POST requests to push notification endpoints with different user IDs in payload
  • Unusual frequency of push notification requests

SIEM Query:

index=veridiumad event=push_notification
| where target_user != requesting_user

(Field names are placeholders; map them to your log schema. A field-to-field comparison needs a where clause rather than a search-time filter.)
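The three log indicators above, run over sample audit lines, as an added example that is not vendor tooling: VeridiumAD's real log format is not shown on this page, so the line format, the field names (`requester`, `target`, `text`) and the sample lines are constructed. Adapt the regular expression to your own export; the logic (cross-user push, non-default text, burst from one requester) carries over unchanged.

```python
"""Detection of anomalous push-notification activity (added example, not vendor code).

Log format, field names and sample lines are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "mallory" pushes to other users, twice with custom text,
# five times within one minute; alice and bob only prompt themselves.
SAMPLE_LOG = """\
2021-10-19T08:00:01Z event=push_notification requester=alice target=alice text=default
2021-10-19T08:00:05Z event=push_notification requester=bob target=bob text=default
2021-10-19T08:01:00Z event=push_notification requester=mallory target=alice text=custom
2021-10-19T08:01:02Z event=push_notification requester=mallory target=bob text=custom
2021-10-19T08:01:03Z event=push_notification requester=mallory target=carol text=default
2021-10-19T08:01:04Z event=push_notification requester=mallory target=dave text=default
2021-10-19T08:01:05Z event=push_notification requester=mallory target=erin text=default
2021-10-19T08:09:00Z event=push_notification requester=bob target=bob text=default
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) event=push_notification requester=(?P<requester>\S+) "
    r"target=(?P<target>\S+) text=(?P<text>\S+)$"
)

BURST_THRESHOLD = 5                    # pushes from one requester ...
BURST_WINDOW = timedelta(minutes=1)    # ... within this sliding window


def parse(log: str):
    """Yield one dict per well-formed push_notification line; skip anything else."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ev


def detect(log: str) -> list[tuple[str, str]]:
    """Return (rule, requester) alerts for the three indicators.

    cross_user_push: target differs from the requesting account
    modified_text:   notification text is not the server's default prompt
    burst:           a requester reaches BURST_THRESHOLD pushes inside BURST_WINDOW
    """
    alerts = []
    recent = defaultdict(deque)   # requester -> timestamps within the window
    for ev in parse(log):
        if ev["target"] != ev["requester"]:
            alerts.append(("cross_user_push", ev["requester"]))
        if ev["text"] != "default":
            alerts.append(("modified_text", ev["requester"]))
        q = recent[ev["requester"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > BURST_WINDOW:
            q.popleft()
        if len(q) == BURST_THRESHOLD:   # fire as the count reaches the threshold
            alerts.append(("burst", ev["requester"]))
    return alerts


if __name__ == "__main__":
    for rule, who in detect(SAMPLE_LOG):
        print(f"{rule:16s} {who}")
```

The cross-user rule is the high-confidence signal for this CVE: on a patched server it should never fire, so a single hit is worth an investigation, while the burst and text rules catch the attack pattern even if the target field is missing from your logs.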
