12 matches found
CVE-2025-27935
The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...
CVE-2025-27935
The CVE-2025-27935 issue concerns the OTP Integration Kit for PingFederate. According to connected sources, it fails to enforce HTTP method validation and state validation, allowing the server to advance authentication without verifying the OTP and effectively bypassing multi-factor authenticatio...
Ping Identity One-Time Passcode Integration Kit for PingFederate Security Vulnerability
Ping Identity One-Time Passcode Integration Kit for PingFederate is a suite of software tools and adapters from Ping Identity USA. A security vulnerability exists in Ping Identity One-Time Passcode Integration Kit for PingFederate that stems from not properly validating the HTTP method and state,...
Ping Identity PingFederate Security Vulnerability
Ping Identity PingFederate is a flagship software-based federation server from US-based Ping Identity, Inc. for identity management. Ping Identity PingFederate has a security vulnerability that stems from failure to sanitize user-supplied data and could lead to the execution of JavaScript...
Ping Identity PingFederate PingOne MFA Integration Kit Security Vulnerability
Ping Identity PingFederate PingOne MFA Integration Kit is an integration kit from Ping Identity that allows PingFederate to use the PingOne MFA service for multi-factor authentication (MFA). A security vulnerability exists in Ping Identity PingFederate PingOne MFA Integration Kit versions prior to...
Ping Identity PingFederate Code Issue Vulnerability
Ping Identity PingFederate is a flagship software-based federation server from the United States, used for identity management. Ping Identity PingFederate has a code issue vulnerability that stems from the presence of a server-side request forgery (SSRF) vulnerability...
Ping Identity PingFederate Authorization Issues Vulnerability
Ping Identity PingFederate is a flagship software-based federation server from the United States, used for identity management. A security vulnerability exists in Ping Identity PingFederate that stems from the possibility of bypassing authentication under certain configurations...
Ping Identity PingFederate Access Control Error Vulnerability
Ping Identity PingFederate is a flagship software-based federation server from the United States, used for identity management. Ping Identity PingFederate has a security vulnerability that stems from the use of the PingOne MFA Adapter to pair new MFA devices without the need for second-factor...
PT-2023-25882 · Ping Identity · PingFederate Identifier First Adapter
Name of the Vulnerable Software and Affected Versions: PingFederate Identifier First Adapter (affected versions not specified). Description: The issue allows for authentication bypass under a very specific and highly unrecommended configuration in the PingFederate Identifier First Adapter...
Ping Identity PingFederate Cross-Site Request Forgery Vulnerability
Ping Identity PingFederate is a flagship software-based federation server from the United States, used for identity management. Ping Identity PingFederate has a cross-site request forgery vulnerability that stems from the /pf/idprofile.ping endpoint being susceptible to cross-site request...
Ping Identity PingFederate Code Issue Vulnerability
Ping Identity PingFederate is a flagship software-based federation server from the United States, used for identity management. A security vulnerability exists in Ping Identity PingFederate that stems from improper handling of pre-parsed validation, resulting in an XXE attack that can enable XML fi...
CVE-2021-40329
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management...