Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-39930
PUBLISHED
More InfoOfficial Page
Assigner-Ping Identity
Assigner Org ID-5998a2e9-ae88-42cd-b6e0-7564fd979f9e
View Known Exploited Vulnerability (KEV) details
Published At-24 Oct, 2023 | 20:54
Updated At-17 Sep, 2024 | 14:16
Rejected At-
▼CVE Numbering Authority (CNA)
PingFederate PingID Radius PCV Authentication Bypass

A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.

Affected Products
Vendor
Ping Identity Corp.Ping Identity
Product
PingID Radius PCV
Default Status
unaffected
Versions
Affected
  • From 3.0 before 3.0.3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-288CWE-288 Authentication Bypass Using an Alternate Path or Channel
Type: CWE
CWE ID: CWE-288
Description: CWE-288 Authentication Bypass Using an Alternate Path or Channel
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-115CAPEC-115 Authentication Bypass
CAPEC ID: CAPEC-115
Description: CAPEC-115 Authentication Bypass
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.pingidentity.com/en/resources/downloads/pingfederate.html
N/A
https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_26_rn
N/A
Hyperlink: https://www.pingidentity.com/en/resources/downloads/pingfederate.html
Resource: N/A
Hyperlink: https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_26_rn
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.pingidentity.com/en/resources/downloads/pingfederate.html
x_transferred
https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_26_rn
x_transferred
Hyperlink: https://www.pingidentity.com/en/resources/downloads/pingfederate.html
Resource:
x_transferred
Hyperlink: https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_26_rn
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found