CVE-2022-23720 - OpenCVE

PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using sensitive full permissions properties file outside of a privileged trust boundary leads to an increased risk of exposure or discovery, and an attacker could leverage these credentials to perform administrative actions against PingID APIs or endpoints.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pingidentity	Pingid Integration For Windows Login

Configuration 1 [-]

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html
https://www.pingidentity.com/en/resources/downloads/pingid.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: Ping Identity

Published: 2022-06-30T19:25:41

Updated: 2024-08-03T03:51:45.962Z

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-23720

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-06-30T20:15:08.377

Modified: 2022-07-13T17:13:27.253

Link: CVE-2022-23720

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["Windows"], "product": "PingID Windows Login", "vendor": "Ping Identity", "versions": [{"lessThan": "2.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ping Identity credits The Commonwealth Bank of Australia for the discovery of this vulnerability."}], "descriptions": [{"lang": "en", "value": "PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using sensitive full permissions properties file outside of a privileged trust boundary leads to an increased risk of exposure or discovery, and an attacker could leverage these credentials to perform administrative actions against PingID APIs or endpoints."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-648", "description": "CWE-648 Incorrect Use of Privileged APIs", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-30T19:25:41", "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "shortName": "Ping Identity"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html"}], "source": {"advisory": "SECADV031", "discovery": "EXTERNAL"}, "title": "PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "responsible-disclosure@pingidentity.com", "ID": "CVE-2022-23720", "STATE": "PUBLIC", "TITLE": "PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PingID Windows Login", "version": {"version_data": [{"platform": "Windows", "version_affected": "<", "version_value": "2.8"}]}}]}, "vendor_name": "Ping Identity"}]}}, "credit": [{"lang": "eng", "value": "Ping Identity credits The Commonwealth Bank of Australia for the discovery of this vulnerability."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using sensitive full permissions properties file outside of a privileged trust boundary leads to an increased risk of exposure or discovery, and an attacker could leverage these credentials to perform administrative actions against PingID APIs or endpoints."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-648 Incorrect Use of Privileged APIs"}]}, {"description": [{"lang": "eng", "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}]}, "references": {"reference_data": [{"name": "https://www.pingidentity.com/en/resources/downloads/pingid.html", "refsource": "MISC", "url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"}, {"name": "https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html", "refsource": "MISC", "url": "https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html"}]}, "source": {"advisory": "SECADV031", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:51:45.962Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html"}]}]}, "cveMetadata": {"assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "assignerShortName": "Ping Identity", "cveId": "CVE-2022-23720", "datePublished": "2022-06-30T19:25:41", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:45.962Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:*:*:*:*:*:*:*:*", "matchCriteriaId": "D631B535-D41D-4179-8E1B-CCAC61DC5236", "versionEndExcluding": "2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using sensitive full permissions properties file outside of a privileged trust boundary leads to an increased risk of exposure or discovery, and an attacker could leverage these credentials to perform administrative actions against PingID APIs or endpoints."}, {"lang": "es", "value": "PingID Windows Login versiones anteriores a 2.8, no alerta o detiene la operaci\u00f3n si ha sido provisto con el archivo de propiedades de PingID con todos los permisos. Un administrador de TI podr\u00eda desplegar por error credenciales de API PingID con privilegios de administrador, como los usados t\u00edpicamente por PingFederate, en los endpoints de usuario de PingID Windows Login. El uso de un archivo de propiedades de permisos completos confidenciales fuera de un l\u00edmite confiable privilegiado conlleva a un mayor riesgo de exposici\u00f3n o detecci\u00f3n, y un atacante podr\u00eda aprovechar estas credenciales para llevar a cabo acciones administrativas contra las APIs de PingID o los endpoints"}], "id": "CVE-2022-23720", "lastModified": "2022-07-13T17:13:27.253", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "responsible-disclosure@pingidentity.com", "type": "Secondary"}]}, "published": "2022-06-30T20:15:08.377", "references": [{"source": "responsible-disclosure@pingidentity.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html"}, {"source": "responsible-disclosure@pingidentity.com", "tags": ["Product", "Vendor Advisory"], "url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"}], "sourceIdentifier": "responsible-disclosure@pingidentity.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-288"}, {"lang": "en", "value": "CWE-648"}], "source": "responsible-disclosure@pingidentity.com", "type": "Secondary"}]}