EUVD-2023-44927

Malicious code in bioql PyPI...

CVE-2022-23723

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow...

CVE-2023-40356

PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target’s...

CVE-2023-40702

PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate a...

CVE-2023-40356 PingOne MFA Integration Kit MFA bypass

PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target’s...

CVE-2023-40356

Affected software: PingOne MFA Integration Kit. Vulnerability: a flaw in the MFA setup prompt could allow pairing a new MFA device with a target user without requiring second‑factor authentication from the user’s existing devices. Root cause / trigger (as stated): may be exploited by a threat act...

CVE-2023-39231 PingFederate PingOne MFA IK Device Pairing Second Factor Authentication Bypass

PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's...