CVE-2022-23722 - OpenCVE

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Pingidentity	Pingfederate

Configuration 1 [-]

OR	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate:9.3.3:p15::::::
	cpe:2.3:a:pingidentity:pingfederate:11.0.0:::::::*

References

Link	Resource
https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html	Release Notes Vendor Advisory
https://www.pingidentity.com/en/resources/downloads/pingfederate.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Ping Identity

Published: 2022-05-02T22:05:13

Updated: 2022-05-02T22:05:13

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-23722

JSON object: View

NVD Information

Status : Modified

Published: 2022-05-02T22:15:09.647

Modified: 2023-11-07T03:44:17.477

Link: CVE-2022-23722

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "PingFederate", "vendor": "Ping Identity", "versions": [{"lessThanOrEqual": "11.0", "status": "affected", "version": "11.0", "versionType": "custom"}, {"lessThanOrEqual": "10.3.4", "status": "affected", "version": "10.3", "versionType": "custom"}, {"lessThanOrEqual": "10.2.7", "status": "affected", "version": "10.2", "versionType": "custom"}, {"lessThanOrEqual": "10.1.9", "status": "affected", "version": "10.1", "versionType": "custom"}, {"lessThanOrEqual": "10.0.12", "status": "affected", "version": "10.0", "versionType": "custom"}, {"lessThanOrEqual": "9.3.3P16", "status": "affected", "version": "9.3", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user\u2019s password."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-02T22:05:13", "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "shortName": "Ping Identity"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html"}], "source": {"advisory": "SECBL021", "defect": ["PF-30450"], "discovery": "INTERNAL"}, "title": "PingFederate Password Reset via Authentication API Mishandling", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "responsible-disclosure@pingidentity.com", "ID": "CVE-2022-23722", "STATE": "PUBLIC", "TITLE": "PingFederate Password Reset via Authentication API Mishandling"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PingFederate", "version": {"version_data": [{"version_affected": "<=", "version_name": "11.0", "version_value": "11.0"}, {"version_affected": "<=", "version_name": "10.3", "version_value": "10.3.4"}, {"version_affected": "<=", "version_name": "10.2", "version_value": "10.2.7"}, {"version_affected": "<=", "version_name": "10.1", "version_value": "10.1.9"}, {"version_affected": "<=", "version_name": "10.0", "version_value": "10.0.12"}, {"version_affected": "<=", "version_name": "9.3", "version_value": "9.3.3P16"}]}}]}, "vendor_name": "Ping Identity"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user\u2019s password."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}]}, "references": {"reference_data": [{"name": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html", "refsource": "MISC", "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"}, {"name": "https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html", "refsource": "MISC", "url": "https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html"}]}, "source": {"advisory": "SECBL021", "defect": ["PF-30450"], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "assignerShortName": "Ping Identity", "cveId": "CVE-2022-23722", "datePublished": "2022-05-02T22:05:13", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2022-05-02T22:05:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF59C274-0837-41EF-BD03-B2C762B8AD2E", "versionEndExcluding": "9.3.3", "versionStartIncluding": "9.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C32AD2C-6B70-49E0-B4C1-829735EDBA35", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "matchCriteriaId": "23194E8C-C2BD-4A0C-875D-BBF15679A0F1", "versionEndExcluding": "10.1.9", "versionStartIncluding": "10.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "matchCriteriaId": "0887EB34-CD7F-4A26-AEC5-DCC5DA07E795", "versionEndExcluding": "10.2.7", "versionStartIncluding": "10.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC079534-00BB-4965-88F1-D8FDF79FF35C", "versionEndExcluding": "10.3.4", "versionStartIncluding": "10.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:9.3.3:p15:*:*:*:*:*:*", "matchCriteriaId": "742ABDC8-3F6F-4D21-9FFE-BDF5F098FD60", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E04A442B-5726-4057-B6B3-7BB6021255AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user\u2019s password."}, {"lang": "es", "value": "Cuando un mecanismo de restablecimiento de contrase\u00f1a est\u00e1 configurado para usar la API de Autenticaci\u00f3n con una Pol\u00edtica de Autenticaci\u00f3n, una Contrase\u00f1a de Una sola vez por correo electr\u00f3nico, PingID o autenticaci\u00f3n por SMS, un usuario existente puede restablecer la contrase\u00f1a de otro usuario existente"}], "id": "CVE-2022-23722", "lastModified": "2023-11-07T03:44:17.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-02T22:15:09.647", "references": [{"source": "responsible-disclosure@pingidentity.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html"}, {"source": "responsible-disclosure@pingidentity.com", "tags": ["Vendor Advisory"], "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"}], "sourceIdentifier": "responsible-disclosure@pingidentity.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-288"}], "source": "responsible-disclosure@pingidentity.com", "type": "Secondary"}]}