CVE-2022-40723

Summary

The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.

Affected Software

VendorProductVersion RangeStatus
Ping IdentityPingID Radius PCV2.10.0affected
Ping IdentityPingID Radius PCV3.0.0 < 3.0.0*affected
Ping IdentityPingID Radius PCV3.0.2 <= 3.0.2affected
Ping IdentityPingID Integration Kit (includes Radius PCV)2.24 < 2.24affected
Ping IdentityPingFederate (includes Radius PCV)11.1.0 < 11.1.0*affected
Ping IdentityPingFederate (includes Radius PCV)11.1.5 <= 11.1.5affected
Ping IdentityPingFederate (includes Radius PCV)11.2.0 < 11.2.0*affected
Ping IdentityPingFederate (includes Radius PCV)11.2.2 <= 11.2.2affected

Weaknesses

  • CWE-305: CWE-305 Authentication Bypass by Primary Weakness

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References