CVE-2022-40725 – PingID Desktop PIN attempt lockout bypass.
https://notcve.org/view.php?id=CVE-2022-40725
PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated. • https://docs.pingidentity.com/r/en-us/pingid/desktop_app_1.7.4 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-306: Missing Authentication for Critical Function •
CVE-2021-42001 – PingID Desktop encryption libraries misconfiguration can lead to sensitive data exposure
https://notcve.org/view.php?id=CVE-2021-42001
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. PingID Desktop versiones anteriores a 1.7.3, presenta una configuración errónea en las bibliotecas de cifrado que puede conllevar a una exposición de datos confidenciales. Un atacante capaz de explotar esta vulnerabilidad puede ser capaz de completar con éxito un desafío MFA por medio de OTP • https://docs.pingidentity.com/bundle/pingid/page/dyt1645545885978.html https://www.pingidentity.com/en/resources/downloads/pingid.html • CWE-310: Cryptographic Issues •