Lucene search
HistoryApr 25, 2023 - 7:15 p.m.
CVE-2022-40723
pingfederate
radius authentication
mfa bypass
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
17.5%
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.
Affected configurations
Node
pingidentitypingfederateRange11.1.0–11.1.5
ORpingidentitypingfederateRange11.2.0–11.2.2
ORpingidentitypingid_integration_kitRange<2.24
ORpingidentityradius_pcvRange3.0.0–3.0.2
ORpingidentityradius_pcvMatch2.10.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| pingidentity | pingfederate | * | cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:* |
| pingidentity | pingid_integration_kit | * | cpe:2.3:a:pingidentity:pingid_integration_kit:*:*:*:*:*:*:*:* |
| pingidentity | radius_pcv | * | cpe:2.3:a:pingidentity:radius_pcv:*:*:*:*:*:*:*:* |
| pingidentity | radius_pcv | 2.10.0 | cpe:2.3:a:pingidentity:radius_pcv:2.10.0:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2022-40723 Configuration-based MFA Bypass in PingID RADIUS PCV.
2023-04-25 00:00:00
prion
prion
Authentication flaw
2023-04-25 19:15:00
cve
cve
CVE-2022-40723
2023-04-25 19:15:10
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
17.5%
Related for NVD:CVE-2022-40723