CNNVD-202512-466 Information
CNNVD ID
CNNVD-202512-466
Related CVE
- CNNVD Published: 2025-12-04
Description (Chinese)
Ping Identity One-Time Passcode Integration Kit for PingFederate是美国Ping Identity公司的一套软件工具和适配器。 Ping Identity One-Time Passcode Integration Kit for PingFederate存在安全漏洞,该漏洞源于未正确验证HTTP方法和状态,可能导致绕过多因素认证。
Description (English)
Ping Identity One-Time Passcode Information Kit for PingFederate is a software tool and adaptor for PingIdentity in the United States. There is a security loophole in the Ping Infrastructure One-Time Passcode Information Kit for PingFederate, which stems from the incorrect validation of HTTP methods and states, which may lead to over-factor authentication.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Ping Identity
Published
2025-12-04
Last Modified
2026-02-24
References
https://support.pingidentity.com/s/article/SECADV051-PingFederate-OTP-Integration-Kit-authentication-bypass https://www.pingidentity.com/en/resources/downloads/pingfederate.html
Patch
https://www.pingidentity.com/en/resources/downloads/pingfederate.html
Share on: