CVE-2023-39930 – PingFederate PingID Radius PCV Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-39930
A first-factor authentication bypass vulnerability exists in PingFederate with PingID Radius PCV when an MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.
References: https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_26_rn https://www.pingidentity.com/en/resources/downloads/pingfederate.html
CWE-288: Authentication Bypass Using an Alternate Path or Channel; CWE-306: Missing Authentication for Critical Function
CVE-2022-23721 – PingID integration for Windows login duplicate username collision.
https://notcve.org/view.php?id=CVE-2022-23721
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.
References: https://docs.pingidentity.com/r/en-us/pingid/davinci_pingid_windows_login_relnotes_2.9
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'); CWE-694: Use of Multiple Resources with Duplicate Identifier
CVE-2022-40722 – Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.
https://notcve.org/view.php?id=CVE-2022-40722
A misconfiguration of the RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA.
References: https://docs.pingidentity.com/r/en-us/pingid/pingid_adapter_configuring_offline_mfa https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_20_rn
CWE-327: Use of a Broken or Risky Cryptographic Algorithm; CWE-780: Use of RSA Algorithm without OAEP
CVE-2022-40723 – Configuration-based MFA Bypass in PingID RADIUS PCV.
https://notcve.org/view.php?id=CVE-2022-40723
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.
References: https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_19_rn
CWE-287: Improper Authentication; CWE-305: Authentication Bypass by Primary Weakness
CVE-2022-23725 – PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances
https://notcve.org/view.php?id=CVE-2022-23725
PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.
References: https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html https://www.pingidentity.com/en/resources/downloads/pingid.html
CWE-288: Authentication Bypass Using an Alternate Path or Channel; CWE-522: Insufficiently Protected Credentials; CWE-732: Incorrect Permission Assignment for Critical Resource