PingOne MFA Integration Kit MFA bypass
CVE-2023-40702
Currently unrated
What is CVE-2023-40702?
The PingOne MFA Integration Kit contains a vulnerability related to its skipMFA feature. This misconfiguration allows a user to authenticate without second-factor verification from previously registered devices. A threat actor who knows a user's first-factor credentials can therefore potentially authenticate as that user without proper authorization. This puts user accounts and the overall security posture at significant risk.
Affected Version(s)
PingOne MFA Integration Kit for PingFederate 0 < 2.3.1