Ping IdentityCVELIST:CVE-2022-40722CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
7.7 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.7%
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA.
CNA Affected
[
{
"vendor": "Ping Identity",
"product": "PingID Adapter for PingFederate",
"versions": [
{
"version": "2.13.2",
"status": "affected",
"lessThan": "2.13.2",
"versionType": "custom"
}
]
},
{
"vendor": "Ping Identity",
"product": "PingID Integration Kit (includes PingID Adapter)",
"versions": [
{
"version": "2.24",
"status": "affected",
"lessThan": "2.24",
"versionType": "custom"
}
]
},
{
"vendor": "Ping Identity",
"product": "PingFederate (includes PingID Adapter)",
"versions": [
{
"version": "11.1.0",
"status": "affected",
"lessThan": "11.1.0*",
"versionType": "custom"
},
{
"version": "11.1.5",
"status": "affected",
"lessThanOrEqual": "11.1.5",
"versionType": "custom"
},
{
"version": "11.2.0",
"status": "affected",
"lessThan": "11.2.0*",
"versionType": "custom"
},
{
"version": "11.2.2",
"status": "affected",
"lessThanOrEqual": "11.2.2",
"versionType": "custom"
}
]
}
]Related
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
7.7 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.7%