Insecure Direct Object Reference in HYPR Server Affects User Authentication
CVE-2022-2193

7.5HIGH

Key Information:

Vendor: Hypr
Status: Hypr Server
Vendor: CVE Published:; 19 July 2022

What is CVE-2022-2193?

A vulnerability in HYPR Server allows remote authenticated attackers to exploit insecure direct object reference by tampering with parameters on the Device Manager page. This can enable them to add a FIDO2 authenticator to any account, potentially compromising user authentication and access. Affected versions include all prior to 6.14.1, highlighting the importance of updating to safeguard against such exploits.

Affected Version(s)

HYPR Server < 6.14.1

References

https://www.hypr.com/security-advisories/

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 19, 2022
Vulnerability Reserved
Jun 23, 2022

Hypr

What is CVE-2022-2193?

Affected Version(s)

References

CVSS V3.1

Timeline