CVE-2022-23721— PingID integration for Windows login duplicate username collision.

CVSS 3.8 · Low EPSS 0.22% · P44 Updated Feb 04, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-23721

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

PingID integration for Windows login duplicate username collision.

Source: NVD (National Vulnerability Database)

Vulnerability Description

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用多个具有重复标识的资源

Source: NVD (National Vulnerability Database)

Vulnerability Title

Ping Identity Windows PingId 注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Ping Identity Windows PingId是美国Ping Identity公司的一款可以为应用程序提供安全保障的软件。 Ping Identity Windows PingId 2.9之前版本存在安全漏洞，该漏洞源于当两个具有相同用户名的人在不同时间配置到同一台机器上时，会触发用户名冲突问题。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Ping Identity	unspecified	2.9 ~ 2.9	-

II. Public POCs for CVE-2022-23721

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-23721

请登录查看更多情报信息。

Same Patch Batch · Ping Identity · 2023-04-25 · 5 CVEs total

CVE-2022-40722	7.7 HIGH	Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.
CVE-2022-40725	7.3 HIGH	PingID Desktop PIN attempt lockout bypass.
CVE-2022-40723	6.5 MEDIUM	Configuration-based MFA Bypass in PingID RADIUS PCV.
CVE-2022-40724	6.4 MEDIUM	Cross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint.

IV. Related Vulnerabilities

Same product: unspecified

Same vendor: Ping Identity

Same weakness: CWE-694

V. Comments for CVE-2022-23721

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-23721— PingID integration for Windows login duplicate username collision.

I. Basic Information for CVE-2022-23721

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-23721

III. Intelligence Information for CVE-2022-23721

Same Patch Batch · Ping Identity · 2023-04-25 · 5 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-23721

Leave a comment