CVE-2023-40702

Published: Jul 9, 2024

Modified: Aug 2, 2024

PUBLISHED

Description

PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate as a target user if they have existing knowledge of the target user’s first-factor credentials.

Vendor	Product	Versions
Ping Identity	PingOne MFA Integration Kit for PingFederate	affected `0 - < 2.3.1`

Weaknesses (CWE)

CWE-290

References

https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-40702

Description

Affected Products

Weaknesses (CWE)

References