CVE-2022-23719 is a vulnerability in Pingidentity Pingid Integration Windows Login
Published on June 30, 2022
PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests
PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication.
Vulnerability Analysis
CVE-2022-23719 can be exploited with local system access, requires user interaction and user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Types
Cryptographic Issues
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
Products Associated with CVE-2022-23719
Want to know whenever a new CVE is published for Pingidentity Pingid Integration Windows Login? stack.watch will email you.
Affected Versions
Ping Identity PingID Windows Login:- Version unspecified and below 2.8 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.