Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-23717
CVE-2022-23717:
Ping Identity PingID for Windows vulnerability analysis and mitigation
Overview
PingID Windows Login versions prior to 2.8 contained a vulnerability that could lead to a denial of service condition on local machines when used in conjunction with offline security keys during authentication (CVE Mitre). The vulnerability was discovered and assigned on January 19, 2022, and was identified with CVE-2022-23717.
Technical details
The vulnerability is classified as CWE-404, which typically relates to improper resource shutdown or release (NVD CNA). The issue specifically manifests when the system is configured to use offline security keys as part of the authentication process.
Impact
When exploited, this vulnerability can result in a denial of service condition affecting local machines running PingID Windows Login, potentially disrupting authentication services and system access (CVE Mitre).
Mitigation and workarounds
The vulnerability has been addressed in PingID Windows Login version 2.8 and later. Users are advised to upgrade to the latest version of the software to mitigate this security issue (Ping Downloads).
Additional resources
Source: This report was generated using AI
Related Ping Identity PingID for Windows vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management