Lucene search
K

156 matches found

OSV
OSV
added 2023/04/25 7:15 p.m.3 views

CVE-2022-23721

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...

3.3CVSS5.8AI score0.00218EPSS
Exploits0References1
Prion
Prion
added 2023/04/25 7:15 p.m.21 views

Authentication flaw

The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations...

4CVSS6.7AI score0.00517EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2023/04/25 7:15 p.m.16 views

Design/Logic Flaw

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

1.7CVSS5.7AI score0.00328EPSS
Exploits0References2Affected Software3
Prion
Prion
added 2023/04/25 7:15 p.m.16 views

Design/Logic Flaw

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...

1.7CVSS4.2AI score0.00218EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/04/25 7:15 p.m.14 views

Design/Logic Flaw

PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated...

3.2CVSS6.3AI score0.00187EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.6 views

Ping Identity Windows PingId 注入漏洞

Ping Identity Windows PingId is a software from Ping Identity USA that provides security for applications. A security vulnerability exists in Ping Identity Windows PingId versions prior to 2.9 that stems from a username conflict issue that is triggered when two people with the same username are...

3.8CVSS4.9AI score0.00218EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/04/25 12:0 a.m.8 views

PT-2023-13900 · Ping Identity · Pingid Desktop

Name of the Vulnerable Software and Affected Versions: PingID Desktop versions prior to 1.7.4 Description: The issue allows attackers to bypass the maximum PIN attempts permitted before the time-based lockout is activated. This can be exploited in PingID Desktop. Recommendations: For versions pri...

7.3CVSS6.2AI score0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/25 12:0 a.m.10 views

CVE-2022-23721 PingID integration for Windows login duplicate username collision.

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...

3.8CVSS6.9AI score0.00218EPSS
Exploits0References1
CVE
CVE
added 2023/04/25 12:0 a.m.39 views

CVE-2022-23721

CVE-2022-23721 affects PingID integration for Windows login prior to version 2.9. The issue arises because the component does not handle duplicate usernames, enabling a username collision when two users with the same username are provisioned on the same machine at different times. Impact is descr...

3.8CVSS3.9AI score0.00218EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/25 12:0 a.m.8 views

CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

7.7CVSS7.1AI score0.00328EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/25 12:0 a.m.8 views

PT-2023-13897 · Ping Identity · Pingid Adapter For Pingfederate

Name of the Vulnerable Software and Affected Versions: PingID Adapter for PingFederate affected versions not specified Description: A misconfiguration of RSA padding in the PingID Adapter for PingFederate, used to support Offline MFA with PingID mobile authenticators, makes it vulnerable to...

7.7CVSS5.4AI score0.00328EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/04/25 12:0 a.m.23 views

CVE-2022-23721 PingID integration for Windows login duplicate username collision.

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...

3.8CVSS4.6AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.6 views

PingID Adapter 加密问题漏洞

PingID Adapter is a middleware for authentication and access control from Ping Identity. A security vulnerability exists in PingID Adapter that stems from the vulnerability of offline MFA to pre-computed dictionary attacks, which can lead to offline MFA being bypassed...

7.7CVSS5.9AI score0.00328EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/04/25 12:0 a.m.6 views

PT-2023-12732 · Ping Identity · Pingid Integration For Windows Login

Name of the Vulnerable Software and Affected Versions: PingID integration for Windows login versions prior to 2.9 Description: The issue arises from the PingID integration for Windows login not handling duplicate usernames. This can lead to a username collision when two people with the same...

3.8CVSS3.9AI score0.00218EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/25 12:0 a.m.12 views

CVE-2022-40725 PingID Desktop PIN attempt lockout bypass.

PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated...

7.3CVSS7.2AI score0.00187EPSS
Exploits0References1
CVE
CVE
added 2023/04/25 12:0 a.m.36 views

CVE-2022-40723

The CVE-2022-40723 entry concerns the PingID RADIUS PCV adapter for PingFederate. Reports in connected sources confirm a configuration-based MFA bypass vulnerability in this component (PingID RADIUS PCV adapter) with no explicit affected version ranges provided. Documented impact is MFA bypass un...

6.5CVSS6.7AI score0.00517EPSS
Exploits0References1Affected Software3
CVE
CVE
added 2023/04/25 12:0 a.m.52 views

CVE-2022-40725

The CVE-2022-40725 entry affects PingID Desktop prior to version 1.7.4. The reported issue allows a local attacker to bypass the maximum PIN attempts before the time-based lockout activates, effectively defeating the PIN-based access control. The vulnerability is described consistently across mul...

7.3CVSS6.4AI score0.00187EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/25 12:0 a.m.38 views

CVE-2022-40722

CVE-2022-40722 concerns a misconfiguration of RSA padding in the PingID Adapter for PingFederate used to support Offline MFA with PingID mobile authenticators. Red Hat, NVD, CNNVD and other sources describe that this faulty padding enables pre-computed dictionary attacks that bypass offline MFA. ...

7.7CVSS5.9AI score0.00328EPSS
Exploits0References2Affected Software3
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.7 views

Ping Identity PingID Desktop 访问控制错误漏洞

Ping Identity PingID Desktop is a software from Ping Identity. You can view the OTP or generate a new password for authentication. A security vulnerability exists in Ping Identity PingID Desktop prior to version 1.7.4 that stems from bypassing the maximum number of PIN attempts allowed before...

7.3CVSS6.2AI score0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/25 12:0 a.m.7 views

CVE-2022-40723 Configuration-based MFA Bypass in PingID RADIUS PCV.

The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations...

6.5CVSS7.4AI score0.00517EPSS
Exploits0References1
Rows per page
Query Builder