Vulnerabilities > Pingidentity > Pingid Integration FOR Windows Login > 1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-25 | CVE-2022-23721 | Injection vulnerability in Pingidentity Pingid Integration for Windows Login PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times. | 3.3 |
| 2022-06-30 | CVE-2022-23717 | Improper Resource Shutdown or Release vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication. | 5.5 |
| 2022-06-30 | CVE-2022-23718 | Unspecified vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. | 8.1 |
| 2022-06-30 | CVE-2022-23719 | Missing Authentication for Critical Function vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. | 6.4 |
| 2022-06-30 | CVE-2022-23720 | Improper Privilege Management vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. | 8.2 |
| 2022-06-30 | CVE-2022-23725 | Incorrect Permission Assignment for Critical Resource vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances. | 5.5 |
| 2022-05-04 | CVE-2022-23724 | Use of Hard-coded Credentials vulnerability in Pingidentity Pingid Integration for Windows Login Use of static encryption key material allows forging an authentication token to other users within a tenant organization. | 8.1 |
| 2022-04-30 | CVE-2021-41992 | Improper Authentication vulnerability in Pingidentity Pingid Integration for Windows Login A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | 5.6 |
| 2020-09-23 | CVE-2020-25826 | Incorrect Permission Assignment for Critical Resource vulnerability in Pingidentity Pingid Integration for Windows Login PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe. | 7.8 |