CVE-2022-40725— PingID Desktop PIN attempt lockout bypass.
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-40725
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PingID Desktop PIN attempt lockout bypass.
Source: NVD (National Vulnerability Database)
Vulnerability Description
PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用候选路径或通道进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ping Identity PingID Desktop 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ping Identity PingID Desktop是Ping Identity公司的一个软件。可以查看OTP或生成新密码以进行身份验证。 Ping Identity PingID Desktop 1.7.4之前版本存在安全漏洞,该漏洞源于绕过激活基于时间的锁定之前允许的最大 PIN 尝试次数。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Ping Identity | PingID Desktop for Windows | 1.7.4 ~ 1.7.4 | - | |
| Ping Identity | PingID Desktop for macOS | 1.7.4 ~ 1.7.4 | - |
II. Public POCs for CVE-2022-40725
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-40725
请登录查看更多情报信息。
Same Patch Batch · Ping Identity · 2023-04-25 · 5 CVEs total
| CVE-2022-40722 | 7.7 HIGH | Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate. |
| CVE-2022-40723 | 6.5 MEDIUM | Configuration-based MFA Bypass in PingID RADIUS PCV. |
| CVE-2022-40724 | 6.4 MEDIUM | Cross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint. |
| CVE-2022-23721 | 3.8 LOW | PingID integration for Windows login duplicate username collision. |
IV. Related Vulnerabilities
Same vendor: Ping Identity
- CVE-2025-20628
Insufficient granularity of access control for Remote Connec - CVE-2025-27935
Authentication Bypass in OTP (One-time Passcode) IdP Adapter - CVE-2025-26862
PingFederate unexpected browser flow initiation in redirectl - CVE-2024-25573
Stored Cross-Site Scripting in Administrative Console Contex - CVE-2025-22854
Possible thread exhaustion from processing http responses in
Same weakness: CWE-288
- CVE-2026-41308
Password Pusher: JSON API `/p.json` file upload alias bypass - CVE-2026-7458
User Verification by PickPlugins <= 2.0.46 - Unauthenticated - CVE-2026-7567
Temporary Login <= 1.0.0 - Authentication Bypass to Account - CVE-2026-40022
Apache Camel Platform HTTP Main: Authentication Bypass on No - CVE-2026-40630
SenseLive X3050 Authentication bypass using an alternate pat
V. Comments for CVE-2022-40725
No comments yet