CVE-2022-23722

CVE-2022-23722: PingFederate Password Reset via Authentication API Mishandling

Vendor Ping Identity
Product PingFederate
Weakness CWE-288
Published May 2, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password.

Key dates

02Disclosure timeline

May 2, 2022 CVE published
August 3, 2024 Record updated