Unrated severityNVD Advisory· Published Oct 24, 2023· Updated Sep 11, 2024

PingFederate PingOne MFA IK Device Pairing Second Factor Authentication Bypass

CVE-2023-39231

Description

PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Pingidentity/Pingfederatellm-fuzzy
Pingidentity/PingOne MFA Integration Kitcpe-rescue
Range: 2.2

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394mitre
www.pingidentity.com/en/resources/downloads/pingid.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000