One Time Passcode Integration Kit For Pingfederate
Approved changes feed: RSS · Atom
cpe:2.3:a:ping_identity:one-time_passcode_integration_kit_for_pingfederate:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Ping Identity (6d158c0c-35d7-577e-9df0-1f89137d9677) |
|---|---|
| Product | One Time Passcode Integration Kit For Pingfederate (56f729bb-0731-5145-a31e-41fbc49566b6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-27935 |
vulnerable | 2026-06-03 15:00:13.539872 |
Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit
The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication.
Published: 2025-12-04T20:38:31.922Z
Updated: 2025-12-05T17:33:20.910Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.