Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PingFederate Password Reset via Authentication API Mishandling
Vulnerability Description
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password.
CVSS Information
N/A
Vulnerability Type
使用候选路径或通道进行的认证绕过
Vulnerability Title
Ping Identity PingFederate授权问题漏洞
Vulnerability Description
Ping Identity PingFederate是美国的一个基于软件的旗舰联合服务器。用于身份管理。 Ping Identity PingFederate存在安全漏洞,当密码重置机制配置为使用身份验证 API 和身份验证策略、电子邮件一次性密码、PingID 或 SMS 身份验证时,现有用户可以利用该漏洞重置另一个现有用户的密码。
CVSS Information
N/A
Vulnerability Type
N/A