Description
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, an attacker must have compromised user credentials.
References
- Vendor Advisory
- Product, Vendor Advisory
- Vendor Advisory
- Product, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 2.4.2 (exclusive)
cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:*:*:*:*:*:*:*:*
EPSS
Percentile: 25%
0.00084
Low
CVSS3: 6.4 Medium
CVSS3: 8.1 High
CVSS2: 5.5 Medium
Weaknesses
CWE-288
CWE-798
Related vulnerabilities
CVSS3: 8.1
github
almost 4 years ago
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, an attacker must have compromised user credentials.