CVE-2022-23725 HIGH

CVE-2022-23725: PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances

Vendor: Ping Identity
Product: PingID Windows Login
Weakness: CWE-522 · Insufficiently protected credentials
Published: June 30, 2022
Last update: August 3, 2024

CVSS base score

7.7/10
Attack vector: Local
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

What the vulnerability does

01 Description

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

Key dates

02 Disclosure timeline

June 30, 2022: CVE published
August 3, 2024: Record updated