CVE-2023-40702

Name of the Vulnerable Software and Affected Versions PingOne MFA Integration Kit (affected versions not specified)

Description The issue allows the skipMFA action to be configured in a way that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this to authenticate as a target user if they have existing knowledge of the target user’s first-factor credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.