Lucene search

Ping IdentityCVELIST:CVE-2022-40725

HistoryApr 25, 2023 - 12:00 a.m.

CVE-2022-40725 PingID Desktop PIN attempt lockout bypass.

2023-04-2500:00:00

CWE-288

Ping Identity

www.cve.org

cve-2022-40725

pingid desktop

lockout bypass

vulnerability

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

0.0004 Low

EPSS

Percentile

9.2%

JSON

PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated.

CNA Affected

[
  {
    "vendor": "Ping Identity",
    "product": "PingID Desktop for Windows",
    "versions": [
      {
        "version": "1.7.4",
        "status": "affected",
        "lessThan": "1.7.4",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Ping Identity",
    "product": "PingID Desktop for macOS",
    "versions": [
      {
        "version": "1.7.4",
        "status": "affected",
        "lessThan": "1.7.4",
        "versionType": "custom"
      }
    ]
  }
]

References

docs.pingidentity.com/r/en-us/pingid/desktop_app_1.7.4

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVELIST:CVE-2022-40725