An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pingone_mfa_integration_kit | Pingidentity | 1.4 (including) | 1.4 (including) |
Pingone_mfa_integration_kit | Pingidentity | 1.4.1 (including) | 1.4.1 (including) |
Pingone_mfa_integration_kit | Pingidentity | 1.5 (including) | 1.5 (including) |
Pingone_mfa_integration_kit | Pingidentity | 1.5.1 (including) | 1.5.1 (including) |
Pingone_mfa_integration_kit | Pingidentity | 1.5.2 (including) | 1.5.2 (including) |