Описание
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
Ссылки
- Vendor Advisory
- Product
- Vendor Advisory
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 2.7 (исключая)
cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:*:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00148
Низкий
7.7 High
CVSS3
5.6 Medium
CVSS3
1.9 Low
CVSS2
Дефекты
CWE-288
CWE-287
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
EPSS
Процентиль: 35%
0.00148
Низкий
7.7 High
CVSS3
5.6 Medium
CVSS3
1.9 Low
CVSS2
Дефекты
CWE-288
CWE-287