CVE-2022-40723— Configuration-based MFA Bypass in PingID RADIUS PCV.

CVSS 6.5 · Medium EPSS 0.18% · P39 Updated Feb 04, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-40723

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Configuration-based MFA Bypass in PingID RADIUS PCV.

Source: NVD (National Vulnerability Database)

Vulnerability Description

The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用基本弱点进行的认证绕过

Source: NVD (National Vulnerability Database)

Vulnerability Title

PingID Adapter 授权问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

PingID Adapter是Ping Identity的一款用于身份验证和访问控制的中间件。 PingID Adapter存在安全漏洞，该漏洞源于支持使用 PingID MFA 进行 RADIUS 身份验证，在某些配置下容易受到 MFA 绕过攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Ping Identity	PingID Radius PCV	2.10.0	-
Ping Identity	PingID Integration Kit (includes Radius PCV)	2.24 ~ 2.24	-
Ping Identity	PingFederate (includes Radius PCV)	11.1.0 ~ 11.1.0*	-

II. Public POCs for CVE-2022-40723

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-40723

请登录查看更多情报信息。

Same Patch Batch · Ping Identity · 2023-04-25 · 5 CVEs total

CVE-2022-40722	7.7 HIGH	Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.
CVE-2022-40725	7.3 HIGH	PingID Desktop PIN attempt lockout bypass.
CVE-2022-40724	6.4 MEDIUM	Cross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint.
CVE-2022-23721	3.8 LOW	PingID integration for Windows login duplicate username collision.

IV. Related Vulnerabilities

Same product: PingID Radius PCV

CVE-2023-39930
PingFederate PingID Radius PCV Authentication Bypass

Same vendor: Ping Identity

Same weakness: CWE-305

V. Comments for CVE-2022-40723

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-40723— Configuration-based MFA Bypass in PingID RADIUS PCV.

I. Basic Information for CVE-2022-40723

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-40723

III. Intelligence Information for CVE-2022-40723

Same Patch Batch · Ping Identity · 2023-04-25 · 5 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-40723

Leave a comment