Pingidentity: >> Pingone Mfa Integration Kit >> 2.2 Security Vulnerabilities
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.
CVSS Score
7.3
EPSS Score
0.001
Published
2023-10-25