Pingidentity: >> Pingone Mfa Integration Kit Security Vulnerabilities
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.
CVSS Score
7.3
EPSS Score
0.001
Published
2023-10-25
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.
CVSS Score
7.7
EPSS Score
0.002
Published
2022-05-02