Filtered by vendor Pingidentity
Subscriptions
Filtered by product Pingone Mfa Integration Kit
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39231 | 1 Pingidentity | 1 Pingone Mfa Integration Kit | 2024-09-11 | 7.3 High |
| PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials. | ||||
| CVE-2022-23723 | 1 Pingidentity | 1 Pingone Mfa Integration Kit | 2024-08-03 | 7.7 High |
| An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. | ||||
| CVE-2023-40702 | 1 Pingidentity | 1 Pingone Mfa Integration Kit | 2024-08-02 | N/A |
| PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate as a target user if they have existing knowledge of the target user’s first-factor credentials. | ||||
Page 1 of 1.