Vulnerabilities > Pingidentity > Pingid Integration FOR Windows Login > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-30	CVE-2022-23717	Improper Resource Shutdown or Release vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication. local low complexity pingidentity CWE-404	5.5
2022-06-30	CVE-2022-23719	Missing Authentication for Critical Function vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. local high complexity pingidentity CWE-306	6.4
2022-06-30	CVE-2022-23725	Incorrect Permission Assignment for Critical Resource vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances. local low complexity pingidentity CWE-732	5.5
2022-04-30	CVE-2021-41992	Improper Authentication vulnerability in Pingidentity Pingid Integration for Windows Login A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. local high complexity pingidentity CWE-287	5.6

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.