Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials.
References
Link | Resource |
---|---|
https://docs.pingidentity.com/bundle/pingid/page/xqz1597139945488.html | Vendor Advisory |
https://www.pingidentity.com/en/resources/downloads/pingid.html | Product Vendor Advisory |
https://docs.pingidentity.com/bundle/pingid/page/xqz1597139945488.html | Vendor Advisory |
https://www.pingidentity.com/en/resources/downloads/pingid.html | Product Vendor Advisory |
Configurations
History
21 Nov 2024, 06:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://docs.pingidentity.com/bundle/pingid/page/xqz1597139945488.html - Vendor Advisory | |
References | () https://www.pingidentity.com/en/resources/downloads/pingid.html - Product, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.5
v3 : 6.4 |
27 Jun 2023, 02:43
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-798 |
Information
Published : 2022-05-04 17:15
Updated : 2024-11-21 06:49
NVD link : CVE-2022-23724
Mitre link : CVE-2022-23724
CVE.ORG link : CVE-2022-23724
JSON object : View
Products Affected
pingidentity
- pingid_integration_for_windows_login