← Back to CVE List

CVE-2023-40356

Published: 2024-07-09T16:15Z
Last Modified: 2024-11-21T08:19Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target’s existing registered devices. A threat actor might be able to exploit this vulnerability to register their own MFA device with a target user’s account if they have existing knowledge of the target user’s first factor credential. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt