PingID Desktop PIN attempt lockout bypass.
CVE-2022-40725

7.3HIGH

Key Information:

Vendor: Ping Identity
Status: Pingid Desktop For Windows; Pingid Desktop For Mac OS
Vendor: CVE Published:; 25 April 2023

🔔 Create Ping Identity Vulnerability Alert

What is CVE-2022-40725?

PingID Desktop prior to version 1.7.4 contains a vulnerability that allows attackers to bypass the maximum allowed PIN attempts. This exploitation can prevent the time-based lockout mechanism from triggering, potentially allowing unauthorized users to gain access to sensitive accounts. Organizations should ensure they are using the latest version of PingID Desktop to mitigate this risk.

Affected Version(s)

PingID Desktop for macOS 1.7.4

PingID Desktop for Windows 1.7.4

References

https://docs.pingidentity.com/r/en-us/pingid/desktop_app_...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2023
Vulnerability Reserved
Sep 14, 2022