← volver
CVE-2022-23724

PingID Integration for Windows Login MFA Bypass

CVSS 6.4 MEDIUMEPSS 0.4%CWE-288CWE-310
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Productos afectados
Ping Identity · PingID Integration for Windows Login

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://docs.pingidentity.com/bundle/pingid/page/xqz1597139945488.htmlhttps://www.pingidentity.com/en/resources/downloads/pingid.html