CVE-2022-23717 – PingID Windows Login prior to 2.8 denial of service condition
https://notcve.org/view.php?id=CVE-2022-23717
PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when offline security keys are used as part of authentication.
• https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html
• https://www.pingidentity.com/en/resources/downloads/pingid.html
• CWE-404: Improper Resource Shutdown or Release
CVE-2022-23724 – PingID Integration for Windows Login MFA Bypass
https://notcve.org/view.php?id=CVE-2022-23724
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, an attacker must have compromised user credentials.
• https://docs.pingidentity.com/bundle/pingid/page/xqz1597139945488.html
• https://www.pingidentity.com/en/resources/downloads/pingid.html
• CWE-288: Authentication Bypass Using an Alternate Path or Channel
• CWE-310: Cryptographic Issues
• CWE-798: Use of Hard-coded Credentials
CVE-2021-41992 – PingID Windows Login RSA cryptographic weakness with possible offline MFA bypass
https://notcve.org/view.php?id=CVE-2021-41992
A misconfiguration of RSA makes PingID Windows Login prior to 2.7 vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
• https://docs.pingidentity.com/bundle/pingid/page/klc1641469599716.html
• https://www.pingidentity.com/en/resources/downloads/pingid.html
• CWE-287: Improper Authentication
• CWE-288: Authentication Bypass Using an Alternate Path or Channel
• CWE-310: Cryptographic Issues
CVE-2020-25826
https://notcve.org/view.php?id=CVE-2020-25826
PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe.
• https://docs.pingidentity.com/bundle/pingid/page/xqz1597139945488.html
• https://gitlab.com/-/snippets/2017709
• CWE-732: Incorrect Permission Assignment for Critical Resource