A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:NPingidentity Pingfederate
APPPingidentity11.1.0 – 11.1.511.2.0 – 11.2.2Pingidentity Pingid Adapter For Pingfederate
APPPingidentity< 2.13.2Pingidentity Pingid Integration Kit
APPPingidentity< 2.24
Powiązane podatności
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external passwo...
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affecte...
PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with cra...
Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFed...
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can ...