CVE-2021-3391

Published
View on NVD ↗
CVSS v3
5.3
MEDIUM
CVSS v2
5
MEDIUM
Affected
1
PROJECT

Description

MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message

optiv/rustyIron
optiv/rustyIron
rustyIron is a tool that takes advantage of functionality within Ivanti's MobileIron MDM solution to perform single-factor authentication attacks. rustyIron can locate the MobileIron MDM authentication endpoint, validate the authentication strategy of the environment, perform user enumeration, brute-force registration PIN values, and perform single-factor authentication attacks.
GitHubGitHub
44