CVE-2023-23192

HIGH

IS Decisions UserLock MFA 11.01 - Authentication Bypass via Scheduled Task

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-23192. PoCs published by pinarsadioglu.

AI-analyzed exploit summary The repository describes a vulnerability in Userlock MFA where an attacker with administrative privileges can bypass MFA by creating a scheduled task that executes at logon. The exploit leverages the Windows Task Scheduler to execute commands before MFA is enforced.

Description

IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass using scheduled task.

Exploits (1)

nomisec WRITEUP 13 stars

by pinarsadioglu · poc

https://github.com/pinarsadioglu/CVE-2023-23192

View Code ZIP pw:eip

The repository describes a vulnerability in Userlock MFA where an attacker with administrative privileges can bypass MFA by creating a scheduled task that executes at logon. The exploit leverages the Windows Task Scheduler to execute commands before MFA is enforced.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Userlock MFA (versions <= 11.0.1.40)

Auth required

Prerequisites: Administrator or Root privileges on the target system

MITRE ATT&CK

T1053.005 - Scheduled Task

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/pinarsadioglu/CVE-2023-23192/

View Exploit ZIP pw:eip

Product

https://www.isdecisions.com/products/userlock/

Scores

CVSS v3 7.2

EPSS 0.0148

EPSS Percentile 70.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-863

Status published

Products (1)

isdecisions/userlock 11.0.1

Published Mar 23, 2023

Tracked Since Feb 18, 2026