CVE-2022-23725

Summary

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

Affected Software

VendorProductVersion RangeStatus
Ping IdentityPingID Windows Loginunspecified < 2.8affected

Weaknesses

  • CWE-522: CWE-522 Insufficiently Protected Credentials
  • CWE-288: CWE-288 Authentication Bypass Using an Alternate Path or Channel

ADP Enrichment

CVE Program Container

Additional References

References