cbcvebase.
CVE-2022-40722
published 2023-04-25

Priority: P426
Severity: medium, 5.8 (CVSS 3.1)
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
EPSS: 0.33% (24.5th percentile)

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ping_identity | pingfederate | >= 11.1.0 < 11.1.0* | 11.1.0* |
| ping_identity | pingfederate | 11.1.5 – 11.1.5 | |
| ping_identity | pingfederate | >= 11.2.0 < 11.2.0* | 11.2.0* |
| ping_identity | pingfederate | 11.2.2 – 11.2.2 | |
| ping_identity | pingid_adapter_for_pingfederate | >= 2.13.2 < 2.13.2 | 2.13.2 |
| ping_identity | pingid_integration_kit | >= 2.24 < 2.24 | 2.24 |
| pingidentity | pingfederate | 11.1.0 – 11.1.5 | |
| pingidentity | pingfederate | 11.2.0 – 11.2.2 | |
| pingidentity | pingid_adapter_for_pingfederate | < 2.13.2 | 2.13.2 |
| pingidentity | pingid_integration_kit | < 2.24 | 2.24 |