Vulnerability Details CVE-2022-40722
The RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is misconfigured, which makes it vulnerable to pre-computed dictionary attacks and leads to a bypass of offline MFA.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.4%
CVSS Severity
CVSS v3 Score 7.7
Products affected by CVE-2022-40722
- cpe:2.3:a:pingidentity:pingfederate:11.1.0
- cpe:2.3:a:pingidentity:pingfederate:11.1.1
- cpe:2.3:a:pingidentity:pingfederate:11.1.2
- cpe:2.3:a:pingidentity:pingfederate:11.1.3
- cpe:2.3:a:pingidentity:pingfederate:11.1.4
- cpe:2.3:a:pingidentity:pingfederate:11.1.5
- cpe:2.3:a:pingidentity:pingfederate:11.2.0
- cpe:2.3:a:pingidentity:pingfederate:11.2.1
- cpe:2.3:a:pingidentity:pingfederate:11.2.2
- cpe:2.3:a:pingidentity:pingid_adapter_for_pingfederate:*
- cpe:2.3:a:pingidentity:pingid_integration_kit:*