CVE Vulnerabilities

CVE-2022-23723

Authentication Bypass Using an Alternate Path or Channel

Published: May 02, 2022 | Modified: Nov 21, 2024
CVSS 3.x
7.7
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.

Weakness

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Software

Name Vendor Start Version End Version
Pingone_mfa_integration_kit Pingidentity 1.4 (including) 1.4 (including)
Pingone_mfa_integration_kit Pingidentity 1.4.1 (including) 1.4.1 (including)
Pingone_mfa_integration_kit Pingidentity 1.5 (including) 1.5 (including)
Pingone_mfa_integration_kit Pingidentity 1.5.1 (including) 1.5.1 (including)
Pingone_mfa_integration_kit Pingidentity 1.5.2 (including) 1.5.2 (including)

Potential Mitigations

References