Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials.
References
Link | Resource |
---|---|
https://docs.pingidentity.com/bundle/pingid/page/xqz1597139945488.html | Vendor Advisory |
https://www.pingidentity.com/en/resources/downloads/pingid.html | Product Vendor Advisory |
Configurations
History
27 Jun 2023, 02:43
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-798 |
Information
Published : 2022-05-04 17:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-23724
Mitre link : CVE-2022-23724
CVE.ORG link : CVE-2022-23724
JSON object : View
Products Affected
pingidentity
- pingid_integration_for_windows_login