CVE-2022-23722 (GCVE-0-2022-23722)
Vulnerability from cvelistv5 – Published: 2022-05-02 22:05 – Updated: 2024-08-03 03:51
VLAI?
Summary
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password.
Severity ?
No CVSS data available.
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ping Identity | PingFederate |
Affected:
11.0 , ≤ 11.0
(custom)
Affected: 10.3 , ≤ 10.3.4 (custom) Affected: 10.2 , ≤ 10.2.7 (custom) Affected: 10.1 , ≤ 10.1.9 (custom) Affected: 10.0 , ≤ 10.0.12 (custom) Affected: 9.3 , ≤ 9.3.3P16 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PingFederate",
"vendor": "Ping Identity",
"versions": [
{
"lessThanOrEqual": "11.0",
"status": "affected",
"version": "11.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.3.4",
"status": "affected",
"version": "10.3",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.2.7",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.1.9",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.0.12",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.3.3P16",
"status": "affected",
"version": "9.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user\u2019s password."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T22:05:13",
"orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"shortName": "Ping Identity"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html"
}
],
"source": {
"advisory": "SECBL021",
"defect": [
"PF-30450"
],
"discovery": "INTERNAL"
},
"title": "PingFederate Password Reset via Authentication API Mishandling",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "responsible-disclosure@pingidentity.com",
"ID": "CVE-2022-23722",
"STATE": "PUBLIC",
"TITLE": "PingFederate Password Reset via Authentication API Mishandling"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PingFederate",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "11.0",
"version_value": "11.0"
},
{
"version_affected": "\u003c=",
"version_name": "10.3",
"version_value": "10.3.4"
},
{
"version_affected": "\u003c=",
"version_name": "10.2",
"version_value": "10.2.7"
},
{
"version_affected": "\u003c=",
"version_name": "10.1",
"version_value": "10.1.9"
},
{
"version_affected": "\u003c=",
"version_name": "10.0",
"version_value": "10.0.12"
},
{
"version_affected": "\u003c=",
"version_name": "9.3",
"version_value": "9.3.3P16"
}
]
}
}
]
},
"vendor_name": "Ping Identity"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user\u2019s password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
"refsource": "MISC",
"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
},
{
"name": "https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html",
"refsource": "MISC",
"url": "https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html"
}
]
},
"source": {
"advisory": "SECBL021",
"defect": [
"PF-30450"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"assignerShortName": "Ping Identity",
"cveId": "CVE-2022-23722",
"datePublished": "2022-05-02T22:05:13",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:46.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.3.0\", \"versionEndExcluding\": \"9.3.3\", \"matchCriteriaId\": \"AF59C274-0837-41EF-BD03-B2C762B8AD2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndExcluding\": \"10.0.12\", \"matchCriteriaId\": \"5C32AD2C-6B70-49E0-B4C1-829735EDBA35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.1.0\", \"versionEndExcluding\": \"10.1.9\", \"matchCriteriaId\": \"23194E8C-C2BD-4A0C-875D-BBF15679A0F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.2.0\", \"versionEndExcluding\": \"10.2.7\", \"matchCriteriaId\": \"0887EB34-CD7F-4A26-AEC5-DCC5DA07E795\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.3.0\", \"versionEndExcluding\": \"10.3.4\", \"matchCriteriaId\": \"EC079534-00BB-4965-88F1-D8FDF79FF35C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pingidentity:pingfederate:9.3.3:p15:*:*:*:*:*:*\", \"matchCriteriaId\": \"742ABDC8-3F6F-4D21-9FFE-BDF5F098FD60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pingidentity:pingfederate:11.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E04A442B-5726-4057-B6B3-7BB6021255AC\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user\\u2019s password.\"}, {\"lang\": \"es\", \"value\": \"Cuando un mecanismo de restablecimiento de contrase\\u00f1a est\\u00e1 configurado para usar la API de Autenticaci\\u00f3n con una Pol\\u00edtica de Autenticaci\\u00f3n, una Contrase\\u00f1a de Una sola vez por correo electr\\u00f3nico, PingID o autenticaci\\u00f3n por SMS, un usuario existente puede restablecer la contrase\\u00f1a de otro usuario existente\"}]",
"id": "CVE-2022-23722",
"lastModified": "2024-11-21T06:49:10.940",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-05-02T22:15:09.647",
"references": "[{\"url\": \"https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html\", \"source\": \"responsible-disclosure@pingidentity.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.pingidentity.com/en/resources/downloads/pingfederate.html\", \"source\": \"responsible-disclosure@pingidentity.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.pingidentity.com/en/resources/downloads/pingfederate.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"responsible-disclosure@pingidentity.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-288\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-23722\",\"sourceIdentifier\":\"responsible-disclosure@pingidentity.com\",\"published\":\"2022-05-02T22:15:09.647\",\"lastModified\":\"2024-11-21T06:49:10.940\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user\u2019s password.\"},{\"lang\":\"es\",\"value\":\"Cuando un mecanismo de restablecimiento de contrase\u00f1a est\u00e1 configurado para usar la API de Autenticaci\u00f3n con una Pol\u00edtica de Autenticaci\u00f3n, una Contrase\u00f1a de Una sola vez por correo electr\u00f3nico, PingID o autenticaci\u00f3n por SMS, un usuario existente puede restablecer la contrase\u00f1a de otro usuario existente\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"responsible-disclosure@pingidentity.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-288\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.3.0\",\"versionEndExcluding\":\"9.3.3\",\"matchCriteriaId\":\"AF59C274-0837-41EF-BD03-B2C762B8AD2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.12\",\"matchCriteriaId\":\"5C32AD2C-6B70-49E0-B4C1-829735EDBA35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndExcluding\":\"10.1.9\",\"matchCriteriaId\":\"23194E8C-C2BD-4A0C-875D-BBF15679A0F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.2.0\",\"versionEndExcluding\":\"10.2.7\",\"matchCriteriaId\":\"0887EB34-CD7F-4A26-AEC5-DCC5DA07E795\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.3.0\",\"versionEndExcluding\":\"10.3.4\",\"matchCriteriaId\":\"EC079534-00BB-4965-88F1-D8FDF79FF35C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pingidentity:pingfederate:9.3.3:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"742ABDC8-3F6F-4D21-9FFE-BDF5F098FD60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pingidentity:pingfederate:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E04A442B-5726-4057-B6B3-7BB6021255AC\"}]}]}],\"references\":[{\"url\":\"https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html\",\"source\":\"responsible-disclosure@pingidentity.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.pingidentity.com/en/resources/downloads/pingfederate.html\",\"source\":\"responsible-disclosure@pingidentity.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.pingidentity.com/en/resources/downloads/pingfederate.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…