PT-2023-13900 · Ping Identity · PingID Desktop
Published 2023-04-25 · Updated 2023-05-04 · CVE-2022-40725
CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Name of the Vulnerable Software and Affected Versions
PingID Desktop versions prior to 1.7.4
Description
PingID Desktop allows attackers to bypass the maximum number of PIN attempts permitted before the time-based lockout is activated.
Recommendations
For versions prior to 1.7.4, update to version 1.7.4 to resolve the issue.
Fix
Missing Authentication
Authentication Bypass Using an Alternate Path or Channel
Related Identifiers
Affected Products
PingID Desktop