CVE-2025-27935 Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit

The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...

CVE-2025-27935

The CVE-2025-27935 issue concerns the OTP Integration Kit for PingFederate. According to connected sources, it fails to enforce HTTP method validation and state validation, allowing the server to advance authentication without verifying the OTP and effectively bypassing multi-factor authenticatio...

EUVD-2021-25632

Malware in sbrugna...

EUVD-2019-5019

Malware in sbrugna...

CVE-2022-23723

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow...

CVE-2023-40356

PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target’s...

CVE-2023-40702

PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate a...

CVE-2023-40356

Affected software: PingOne MFA Integration Kit. Vulnerability: a flaw in the MFA setup prompt could allow pairing a new MFA device with a target user without requiring second‑factor authentication from the user’s existing devices. Root cause / trigger (as stated): may be exploited by a threat act...

CVE-2023-40356 PingOne MFA Integration Kit MFA bypass

PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target’s...

CVE-2023-40702

CVE-2023-40702 affects PingOne MFA Integration Kit (Ping Identity). The vulnerability arises from misconfiguration of the skipMFA action, allowing a bypass of second-factor authentication so a threat actor with knowledge of a target user’s first-factor credentials can authenticate as that user. R...

CVE-2023-40702 PingOne MFA Integration Kit MFA bypass

PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate a...

Ping Identity PingFederate PingOne MFA Integration Kit Security Vulnerability

Ping Identity PingFederate PingOne MFA Integration Kit is from Ping Identity This integration kit allows PingFederate to use the PingOne MFA service for multi-factor authentication MFA. A security vulnerability exists in Ping Identity PingFederate PingOne MFA Integration Kit versions prior to...

PingOne MFA Integration Kit Security Vulnerability

The PingOne MFA Integration Kit is an integration kit from Ping Identity designed to help developers integrate Multi-Factor Authentication MFA functionality into their applications or services. A security vulnerability exists in PingOne MFA Integration Kit versions prior to 2.3.1, which stems fro...

CVE-2022-23723

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow...

CVE-2022-23723

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow...

Security feature bypass

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow...

CVE-2022-23723 PingFederate PingOneMFA Integration Kit MFA Bypass

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow...

CVE-2022-23723

The CVE-2022-23723 entry concerns PingFederate PingOne MFA Integration Kit. A vulnerability exists where MFA can be bypassed when adapter HTML templates are used within an authentication flow. Affected: PingFederate PingOne MFA Integration Kit (HTML adapters in the login flow). Root cause: bypass...

CVE-2021-39270

In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur...

CVE-2021-39270

In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur...