History: Apr 25, 2023 - 12:00 a.m.

CVE-2022-23721 PingID integration for Windows login duplicate username collision.

2023-04-25 00:00:00
CWE-694
Ping Identity
www.cve.org
Tags: cve-2022-23721, pingid integration, windows login, duplicate usernames, collision, username collision, provisioned users, username duplication

CVSS3: 3.8 Low

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

AI Score: 4.6 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.2%)

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.

CNA Affected

[
  {
    "vendor": "Ping Identity",
    "product": "unspecified",
    "versions": [
      {
        "version": "2.9",
        "status": "affected",
        "lessThan": "2.9",
        "versionType": "custom"
      }
    ]
  }
]
