Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PingFederate PingOne MFA IK Device Pairing Second Factor Authentication Bypass
Vulnerability Description
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
使用候选路径或通道进行的认证绕过
Vulnerability Title
Ping Identity PingFederate 访问控制错误漏洞
Vulnerability Description
Ping Identity PingFederate是美国的一个基于软件的旗舰联合服务器。用于身份管理。 Ping Identity PingFederate 存在安全漏洞,该漏洞源于使用 PingOne MFA 适配器对新的 MFA 设备进行配对时,无需对现有注册设备进行第二因素身份验证,攻击者利用该漏洞可以注册自己的 MFA 设备。
CVSS Information
N/A
Vulnerability Type
N/A