CVE-2022-23725
Ping Identity PingID for Windows vulnerability analysis and mitigation

Overview

PingID Windows Login prior to version 2.8 contained a security vulnerability related to improper permission settings on Windows Registry entries used for storing sensitive API keys. The vulnerability was assigned CVE-2022-23725 and was discovered and disclosed in January 2022 (CVE Mitre).

Technical details

The vulnerability is classified under multiple CWE categories including CWE-288 (Authentication Bypass), CWE-287 (Improper Authentication), and CWE-522 (Insufficiently Protected Credentials) (NVD Report). The issue stems from improper permission configuration in the Windows Registry where sensitive API keys are stored, potentially exposing these credentials to unauthorized access.

Impact

The improper permission settings on Windows Registry entries could expose sensitive API keys, which could lead to unauthorized access to PingID authentication systems and compromise the security of affected systems (CVE Mitre).

Mitigation and workarounds

The vulnerability has been addressed in PingID Windows Login version 2.8 and later. Users are advised to upgrade to the latest version of the software to resolve this security issue (Ping Downloads).
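To confirm on a given host that the registry key holding the API keys is no longer readable by ordinary users, its access control list can be audited. The script below is an added example, not code from Ping Identity or from this report; the key path is a placeholder because the page does not name the real key, and the function name is hypothetical.

```powershell
# Added example: list Allow ACEs that let broad, non-admin groups read a registry key.
# ASSUMPTION: placeholder path. The page does not give the real key location.
$KeyPath = 'HKLM:\SOFTWARE\<vendor>\<product-key-placeholder>'

# Well-known SIDs of groups that contain ordinary interactive users.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# KEY_QUERY_VALUE, plus GENERIC_READ / GENERIC_ALL, which can appear unmapped in ACEs.
$ReadMask = 0x00000001 -bor 0x80000000 -bor 0x10000000
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-BroadReadAce {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        # Only Allow ACEs are reported; a matching Deny ACE may still block access.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to subkeys, not to this key itself.
        if ($ace.PropagationFlags -band $InheritOnly) { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # account name could not be resolved to a SID
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        if (([int]$ace.RegistryRights -band $ReadMask) -eq 0) { continue }
        [pscustomobject]@{
            Key       = $Path
            Principal = $BroadSids[$sid]
            Rights    = $ace.RegistryRights
            Inherited = $ace.IsInherited
        }
    }
}

if (Test-Path -Path $KeyPath) {
    $findings = @(Get-BroadReadAce -Path $KeyPath)
    if ($findings.Count -eq 0) { "No broad read access on $KeyPath" }
    else { $findings | Format-Table -AutoSize }
} else {
    "Key not found: $KeyPath (replace the placeholder with the real path)"
}
```

Any row returned means a group that includes standard users can query values under the key, which is the exposure this CVE describes.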

This report was generated using AI

Related Ping Identity PingID for Windows vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2022-23720 | HIGH | 8.2 | Ping Identity PingID for Windows | cpe:2.3:a:pingidentity:pingid_integration_for_windows_login | No | Yes | Jun 30, 2022 |
| CVE-2022-23718 | HIGH | 8.1 | Ping Identity PingID for Windows | cpe:2.3:a:pingidentity:pingid_integration_for_windows_login | No | Yes | Jun 30, 2022 |
| CVE-2022-23719 | MEDIUM | 6.4 | Ping Identity PingID for Windows | cpe:2.3:a:pingidentity:pingid_integration_for_windows_login | No | Yes | Jun 30, 2022 |
| CVE-2022-23725 | MEDIUM | 5.5 | Ping Identity PingID for Windows | cpe:2.3:a:pingidentity:pingid_integration_for_windows_login | No | Yes | Jun 30, 2022 |
| CVE-2022-23721 | LOW | 3.3 | Ping Identity PingID for Windows | cpe:2.3:a:pingidentity:pingid_integration_for_windows_login | No | Yes | Apr 25, 2023 |