Filtered by vendor Pingidentity
Subscriptions
Filtered by product Pingone Mfa Integration Kit
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-40702 | 1 Pingidentity | 1 Pingone Mfa Integration Kit | 2024-11-21 | N/A |
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate as a target user if they have existing knowledge of the target user’s first-factor credentials. | ||||
CVE-2023-39231 | 1 Pingidentity | 1 Pingone Mfa Integration Kit | 2024-11-21 | 7.3 High |
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials. | ||||
CVE-2022-23723 | 1 Pingidentity | 1 Pingone Mfa Integration Kit | 2024-11-21 | 7.7 High |
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. |
Page 1 of 1.