CVE-2023-40702
PingOne MFA Integration Kit MFA bypass
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate as a target user if they have existing knowledge of the target user’s first-factor credentials.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Ping Identity · PingOne MFA Integration Kit for PingFederate¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →