Vulnerabilities > Pingidentity > Pingone MFA Integration KIT

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-39231 Missing Authentication for Critical Function vulnerability in Pingidentity Pingone MFA Integration KIT 2.2
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device.
network
low complexity
pingidentity CWE-306
6.5
6.5
2022-05-02 CVE-2022-23723 Improper Authentication vulnerability in Pingidentity Pingone MFA Integration KIT
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.
network
low complexity
pingidentity CWE-287
5.0
5.0