MFA Configuration Flaw in PingOne Integration Kit
CVE-2023-40356
Currently unrated
What is CVE-2023-40356?
The PingOne MFA Integration Kit contains a vulnerability in its multi-factor authentication (MFA) configuration. Under specific circumstances, this configuration allows a new MFA device to be linked to a user's account without requiring second-factor authentication from any currently registered device. A threat actor who knows the user's first-factor credentials may therefore be able to register their own MFA device and use it to gain unauthorized access to the target user's account.