CVE-2022-40722

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-40722
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA.

5.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://docs.pingidentity.com/r/en-us/pingid/pingid_adapter_configuring_offline_mfa Product
https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_20_rn Release Notes
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*
cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*
cpe:2.3:a:pingidentity:pingid_adapter_for_pingfederate:*:*:*:*:*:*:*:*
cpe:2.3:a:pingidentity:pingid_integration_kit:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-04-25 19:15

Updated : 2024-02-28 20:13

NVD link : CVE-2022-40722

Mitre link : CVE-2022-40722

CVE.ORG link : CVE-2022-40722

JSON object : View

Products Affected

pingidentity

  • pingfederate
  • pingid_adapter_for_pingfederate
  • pingid_integration_kit
CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm

CWE-780

Use of RSA Algorithm without OAEP