VYPR

Identity

by Cyber Ark

CVEs (1)

  • CVE-2021-37151MedSep 1, 2021
    risk 0.35cvss 5.3epss 0.01

    CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one…