An issue was discovered in Quest One Identity 7.5.1.20903. A crafted response manipulation can bypass the OTP on MFA page which leads to access the PAM portal without OTP allowing attackers to control an arbitrary account.
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.