HIGH🇬🇧 English

CVE-2022-40722

CVSS 7.7v3.1pub. 2023-04-25upd. 2024-11-21

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
  • Pingidentity Pingfederate

    APP
    Pingidentity
    11.1.0 – 11.1.511.2.0 – 11.2.2
  • Pingidentity Pingid Adapter For Pingfederate

    APP
    Pingidentity
    < 2.13.2
  • Pingidentity Pingid Integration Kit

    APP
    Pingidentity
    < 2.24
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-40329CRITICAL9.8ten sam produkt

The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external passwo...

CVE-2023-40545HIGH8.8ten sam produkt

Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affecte...

CVE-2023-39219HIGH7.5ten sam produkt

PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with cra...

CVE-2023-37283HIGH8.1ten sam produkt

Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFed...

CVE-2021-41770HIGH7.5ten sam produkt

Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can ...