Lucene search
+L

153 matches found

vulnrichment
vulnrichment
added 2023/10/24 7:56 p.m.18 views

CVE-2023-39231 PingFederate PingOne MFA IK Device Pairing Second Factor Authentication Bypass

PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's...

7.3CVSS7.1AI score0.00535EPSS
Exploits0References2
cve
cve
added 2023/10/24 7:56 p.m.42 views

CVE-2023-39231

CVE-2023-39231 affects PingFederate with the PingOne MFA adapter, where a threat actor who knows a victim’s first-factor credentials can pair a new MFA device without second-factor authentication. Core impact is unauthorized MFA enrollment, risking account compromise. Affected product/adapter and...

7.3CVSS6.7AI score0.00535EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/10/24 7:56 p.m.28 views

CVE-2023-39231 PingFederate PingOne MFA IK Device Pairing Second Factor Authentication Bypass

PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's...

7.3CVSS7.4AI score0.00535EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/10/24 12:0 a.m.5 views

PT-2023-27162 · Ping Identity · Pingfederate

Name of the Vulnerable Software and Affected Versions: PingFederate with PingID Radius PCV affected versions not specified Description: A first-factor authentication bypass issue exists when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request. This allows for...

9.8CVSS9.3AI score0.00692EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2023/10/24 12:0 a.m.9 views

PT-2023-26844 · Unknown · Pingfederate

Name of the Vulnerable Software and Affected Versions: PingFederate affected versions not specified Description: The issue allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this to register...

7.3CVSS6.4AI score0.00535EPSS
Exploits0References6
nvd
nvd
added 2023/04/25 7:15 p.m.18 views

CVE-2022-40724

The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery CSRF through crafted GET requests...

8.8CVSS7.1AI score0.00181EPSS
Exploits0References1
nvd
nvd
added 2023/04/25 7:15 p.m.20 views

CVE-2022-40723

The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations...

6.5CVSS6.7AI score0.00517EPSS
Exploits0References1
osv
osv
added 2023/04/25 7:15 p.m.3 views

CVE-2022-40724

The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery CSRF through crafted GET requests...

8.8CVSS5.8AI score0.00181EPSS
Exploits0References1
osv
osv
added 2023/04/25 7:15 p.m.8 views

CVE-2022-40722

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

5.8CVSS5.8AI score0.00328EPSS
Exploits0References2
osv
osv
added 2023/04/25 7:15 p.m.5 views

CVE-2022-40723

The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations...

6.5CVSS5.8AI score0.00517EPSS
Exploits0References1
prion
prion
added 2023/04/25 7:15 p.m.22 views

Authentication flaw

The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations...

4CVSS6.7AI score0.00517EPSS
Exploits0References1Affected Software3
prion
prion
added 2023/04/25 7:15 p.m.11 views

Cross site request forgery (csrf)

The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery CSRF through crafted GET requests...

6.8CVSS8.7AI score0.00181EPSS
Exploits0References1Affected Software1
prion
prion
added 2023/04/25 7:15 p.m.16 views

Design/Logic Flaw

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

1.7CVSS5.7AI score0.00328EPSS
Exploits0References2Affected Software3
cve
cve
added 2023/04/25 12:0 a.m.36 views

CVE-2022-40723

The CVE-2022-40723 entry concerns the PingID RADIUS PCV adapter for PingFederate. Reports in connected sources confirm a configuration-based MFA bypass vulnerability in this component (PingID RADIUS PCV adapter) with no explicit affected version ranges provided. Documented impact is MFA bypass un...

6.5CVSS6.7AI score0.00517EPSS
Exploits0References1Affected Software3
vulnrichment
vulnrichment
added 2023/04/25 12:0 a.m.8 views

CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

7.7CVSS7.1AI score0.00328EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/04/25 12:0 a.m.11 views

PT-2023-13898 · Ping Identity · Pingid Radius Pcv Adapter

Name of the Vulnerable Software and Affected Versions: PingID RADIUS PCV adapter for PingFederate affected versions not specified Description: The issue concerns a bypass of multi-factor authentication MFA under certain configurations. It affects the PingID RADIUS PCV adapter for PingFederate,...

6.5CVSS6.6AI score0.00517EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2023/04/25 12:0 a.m.8 views

PT-2023-13897 · Ping Identity · Pingid Adapter For Pingfederate

Name of the Vulnerable Software and Affected Versions: PingID Adapter for PingFederate affected versions not specified Description: A misconfiguration of RSA padding in the PingID Adapter for PingFederate, used to support Offline MFA with PingID mobile authenticators, makes it vulnerable to...

7.7CVSS5.4AI score0.00328EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2023/04/25 12:0 a.m.9 views

CVE-2022-40724 Cross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint.

The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery CSRF through crafted GET requests...

6.4CVSS7.3AI score0.00181EPSS
Exploits0References1
cve
cve
added 2023/04/25 12:0 a.m.38 views

CVE-2022-40722

CVE-2022-40722 concerns a misconfiguration of RSA padding in the PingID Adapter for PingFederate used to support Offline MFA with PingID mobile authenticators. Red Hat, NVD, CNNVD and other sources describe that this faulty padding enables pre-computed dictionary attacks that bypass offline MFA. ...

7.7CVSS5.9AI score0.00328EPSS
Exploits0References2Affected Software3
cvelist
cvelist
added 2023/04/25 12:0 a.m.20 views

CVE-2022-40724 Cross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint.

The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery CSRF through crafted GET requests...

6.4CVSS9AI score0.00181EPSS
Exploits0References1
Rows per page
Query Builder