CVE-2022-23718

Name of the Vulnerable Software and Affected Versions PingID Windows Login versions prior to 2.8

Description The issue is related to the use of outdated functions in the PingID multi-factor authentication (MFA) application for Windows. This can allow a remote attacker to perform a man-in-the-middle (MITM) attack. An attacker capable of achieving a sophisticated man-in-the-middle position, or compromising Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application.

Recommendations For versions prior to 2.8, update to version 2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the PingID Windows Login application to minimize the risk of exploitation. Avoid using the application in environments where man-in-the-middle attacks are possible until the issue is resolved.