CVE-2022-23724 – PingID Integration for Windows Login MFA Bypass
https://notcve.org/view.php?id=CVE-2022-23724
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, an attacker must have compromised user credentials.
• https://docs.pingidentity.com/bundle/pingid/page/xqz1597139945488.html
• https://www.pingidentity.com/en/resources/downloads/pingid.html
• CWE-288: Authentication Bypass Using an Alternate Path or Channel
• CWE-310: Cryptographic Issues
• CWE-798: Use of Hard-coded Credentials
CVE-2021-42001 – PingID Desktop encryption libraries misconfiguration can lead to sensitive data exposure
https://notcve.org/view.php?id=CVE-2021-42001
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.
• https://docs.pingidentity.com/bundle/pingid/page/dyt1645545885978.html
• https://www.pingidentity.com/en/resources/downloads/pingid.html
• CWE-310: Cryptographic Issues
CVE-2021-41994 – PingID iOS mobile application prior to 1.19 vulnerable to pre-computed dictionary attacks
https://notcve.org/view.php?id=CVE-2021-41994
A misconfiguration of RSA in the PingID iOS app prior to 1.19 makes it vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
• https://docs.pingidentity.com/bundle/pingid/page/ejd1642076304199.html
• https://www.pingidentity.com/en/resources/downloads/pingid.html
• CWE-310: Cryptographic Issues
• CWE-330: Use of Insufficiently Random Values
CVE-2021-41993 – PingID Android mobile application prior to 1.19 vulnerable to pre-computed dictionary attacks
https://notcve.org/view.php?id=CVE-2021-41993
A misconfiguration of RSA in the PingID Android app prior to 1.19 makes it vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
• https://docs.pingidentity.com/bundle/pingid/page/zvy1641459415679.html
• https://www.pingidentity.com/en/resources/downloads/pingid.html
• CWE-310: Cryptographic Issues
• CWE-330: Use of Insufficiently Random Values
CVE-2021-41992 – PingID Windows Login RSA cryptographic weakness with possible offline MFA bypass
https://notcve.org/view.php?id=CVE-2021-41992
A misconfiguration of RSA in PingID Windows Login prior to 2.7 makes it vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
• https://docs.pingidentity.com/bundle/pingid/page/klc1641469599716.html
• https://www.pingidentity.com/en/resources/downloads/pingid.html
• CWE-287: Improper Authentication
• CWE-288: Authentication Bypass Using an Alternate Path or Channel
• CWE-310: Cryptographic Issues