CVE-2022-23723

Summary

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.

Affected Software

VendorProductVersion RangeStatus
Ping IdentityPingFederate PingOne MFA Integration Kit1.4affected
Ping IdentityPingFederate PingOne MFA Integration Kit1.4.1affected
Ping IdentityPingFederate PingOne MFA Integration Kit1.5affected
Ping IdentityPingFederate PingOne MFA Integration Kit1.5.1affected
Ping IdentityPingFederate PingOne MFA Integration Kit1.5.2affected

Weaknesses

  • CWE-288: CWE-288 Authentication Bypass Using an Alternate Path or Channel

ADP Enrichment

CVE Program Container

Additional References

References