CVE-2023-39930 – PingFederate PingID Radius PCV Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-39930
A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request. Existe una vulnerabilidad de omisión de autenticación de primer factor en PingFederate con PingID Radius PCV cuando se envía una solicitud de autenticación MSCHAP a través de una solicitud de cliente RADIUS manipulada con fines malintencionados. • https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_26_rn https://www.pingidentity.com/en/resources/downloads/pingfederate.html • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-306: Missing Authentication for Critical Function •
CVE-2022-40723 – Configuration-based MFA Bypass in PingID RADIUS PCV.
https://notcve.org/view.php?id=CVE-2022-40723
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations. • https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_19_rn • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •