Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PingOne MFA Integration Kit MFA bypass
Vulnerability Description
PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target’s existing registered devices. A threat actor might be able to exploit this vulnerability to register their own MFA device with a target user’s account if they have existing knowledge of the target user’s first factor credential.
CVSS Information
N/A
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
PingOne MFA Integration Kit 2.3.1 安全漏洞
Vulnerability Description
PingOne MFA Integration Kit是Ping Identity的一个集成工具包,旨在帮助开发者将多因素认证(Multi-Factor Authentication, MFA)功能集成到他们的应用程序或服务中。 PingOne MFA Integration Kit 2.3.1之前版本存在安全漏洞,该漏洞源于可能允许新的MFA设备无需进行第二因素身份验证就可以与目标用户帐户配对。
CVSS Information
N/A
Vulnerability Type
N/A