CVE-2023-39231

CVSS V2 None CVSS V3 None

Description

PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.

Overview

CVE ID
CVE-2023-39231

Assigner
Ping Identity

Vulnerability Status
PUBLISHED

Published Version
2023-10-24T19:56:06.690Z

Last Modified Date
2023-10-24T19:56:06.690Z

Weakness Enumerations

CWE	URL
CWE-288	http://cwe.mitre.org/data/definitions/288.html

References

Reference URL	Reference Tags
https://www.pingidentity.com/en/resources/downloads/pingid.html
https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-39231
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39231

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 19:14:13				Added to TrackCVE