90 matches found
Ping Identity: Internal Hostname disclosure from multiple Apache servers via blank host header method
This vulnerability was due to a general misconfiguration of Apache servers; this is a good example of the importance of "Secure Defaults" in open-source projects. An example of a generic request and response would be: openssl sclient -connect apache.example.com:443 GET apache.example.com/foo...
Ping Identity: CSRF in Inviting users
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: add summary of the vulnerabili...
PingID MFA Cross Site Scripting
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: PingID MFA 1 Vendor: Ping Identity Corporation CSNC ID: CSNC-2017-013 Subject: Reflected Cross-Site Scripting Risk: High Effect: Remotely exploitable Author: Stephan Sekula Date: 18.04.2017 Introduction:...
Design/Logic Flaw
Modauthopenidc.c in the Ping Identity OpenID Connect authentication module for Apache aka modauthopenidc before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...
CVE-2017-6059
Modauthopenidc.c in the Ping Identity OpenID Connect authentication module for Apache aka modauthopenidc before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...
CVE-2017-6059
CVE-2017-6059 affects the Ping Identity OpenID Connect module for Apache (mod_auth_openidc) prior to 2.14. The issue allows remote attackers to spoof page content by presenting a malicious URL that triggers an invalid request, due to improper handling within mod_auth_openidc.c. The vulnerability’...
CVE-2017-6059
Modauthopenidc.c in the Ping Identity OpenID Connect authentication module for Apache aka modauthopenidc before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...
Ping Identity 'mod_auth_openidc' Module Authentication Bypass Vulnerability
Ping Identity 'modauthopenidc' module is an authentication/authorization module for the Apache 2.x HTTP server used to authenticate users against the OpenID connection provider. An authentication bypass vulnerability exists in the Ping Identity 'modauthopenidc' module. An attacker can use this...
Ping Identity 'mod_auth_openidc' Module Content Spoofing Vulnerability
Ping Identity, a cloud security services company, provides enterprise identity security services to its customers. A content spoofing vulnerability exists in the Ping Identity 'modauthopenidc' module, which stems from a failure to adequately validate user input. An attacker could exploit the...
Ping Identity 'mod_auth_openidc' Module Authentication Bypass Vulnerability
Ping Identity, a cloud security services company, provides enterprise identity security services to its customers. An authentication bypass vulnerability exists in Ping Identity 'modauthopenidc'. An attacker could use this vulnerability to bypass the authentication mechanism to perform unauthoriz...