Описание
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.
Ссылки
- Release Notes
- Product
- Release Notes
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:pingidentity:pingone_mfa_integration_kit:2.2:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00145
Низкий
7.3 High
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-288
CWE-306
Связанные уязвимости
CVSS3: 7.3
github
больше 2 лет назад
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.
EPSS
Процентиль: 35%
0.00145
Низкий
7.3 High
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-288
CWE-306