A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA.
References
Configurations
Configuration 1 (hide)
|
History
04 May 2023, 19:46
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://docs.pingidentity.com/r/en-us/pingid/pingid_adapter_configuring_offline_mfa - Product | |
| References | (MISC) https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_20_rn - Release Notes | |
| First Time |
Pingidentity pingid Adapter For Pingfederate
Pingidentity pingid Integration Kit Pingidentity Pingidentity pingfederate |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.8 |
| CWE | CWE-327 | |
| CPE | cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:* cpe:2.3:a:pingidentity:pingid_adapter_for_pingfederate:*:*:*:*:*:*:*:* cpe:2.3:a:pingidentity:pingid_integration_kit:*:*:*:*:*:*:*:* |
25 Apr 2023, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-25 19:15
Updated : 2023-05-04 19:46
NVD link : CVE-2022-40722
Mitre link : CVE-2022-40722
JSON object : View
Products Affected
pingidentity
- pingfederate
- pingid_adapter_for_pingfederate
- pingid_integration_kit
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm