PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.
References
Link | Resource |
---|---|
https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394 | Release Notes |
https://www.pingidentity.com/en/resources/downloads/pingid.html | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Ping Identity
Published: 2023-10-24T19:56:06.690Z
Updated: 2023-10-24T19:56:06.690Z
Reserved: 2023-07-25T20:13:14.885Z
Link: CVE-2023-39231
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-25T18:17:29.030
Modified: 2023-10-31T18:47:42.620
Link: CVE-2023-39231
JSON object: View
Redhat Information
No data.