A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA.
CPE | Name | Operator | Version |
---|---|---|---|
pingfederate | ge | 11.1.0 | |
pingfederate | le | 11.1.5 | |
pingfederate | ge | 11.2.0 | |
pingfederate | le | 11.2.2 | |
pingid_adapter_for_pingfederate | lt | 2.13.2 | |
pingid_integration_kit | lt | 2.24 |