Filtered by vendor Pingidentity Subscriptions
Filtered by product Pingone Mfa Integration Kit Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-40702 1 Pingidentity 1 Pingone Mfa Integration Kit 2024-11-21 N/A
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate as a target user if they have existing knowledge of the target user’s first-factor credentials.
CVE-2023-39231 1 Pingidentity 1 Pingone Mfa Integration Kit 2024-11-21 7.3 High
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.
CVE-2022-23723 1 Pingidentity 1 Pingone Mfa Integration Kit 2024-11-21 7.7 High
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.