CVE-2021-3391
5.3 MEDIUMMobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observi...
Published: 2021-03-29 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
| Vendor | Product |
|---|---|
| mobileiron | mobile\@work |
Description
MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3391
- [Other]https://github.com/optiv/rustyIron
- [Other]https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- [Other]https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration
- [Other]https://github.com/optiv/rustyIron
- [Other]https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- [Other]https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration