PT-2022-3291 · Ping Identity · PingID Windows Login

Published: 2022-06-30 · Updated: 2022-07-12 · CVE-2022-23717

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

PingID Windows Login versions prior to 2.8

Description

A denial of service condition can occur on local machines when offline security keys are used as part of the authentication process. The cause is incorrect clearance or release of resources in the multi-factor authentication (MFA) application. Exploitation of this issue can allow an attacker to cause a denial of service.

Recommendations

For versions prior to 2.8, update to version 2.8 or later to resolve the issue. As a temporary workaround, consider avoiding the use of offline security keys as part of the authentication process until a patch is available. Restrict access to the authentication module to minimize the risk of exploitation.

Fix

Improper Resource Release

Weakness Enumeration

Related Identifiers

BDU:2022-04027
CVE-2022-23717

Affected Products

PingID Windows Login