Security Advisory

CVE-2023-39231

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-24 19:56:06

Last updated 2024-09-11 17:39:35

Assigner Ping Identity

State PUBLISHED

Description

PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim users first factor credentials.

← Browse all CVEs View on cve.org ↗