Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39231 | 1 Pingidentity | 1 Pingone Mfa Integration Kit | 2023-12-10 | N/A | 6.5 MEDIUM |
| PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials. | |||||
| CVE-2022-23723 | 1 Pingidentity | 1 Pingone Mfa Integration Kit | 2023-12-10 | 5.0 MEDIUM | 7.7 HIGH |
| An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. | |||||