Ping Identity PingFederate HTML Form Adapter Authentication Brute Force Vulnerability

Vulnerability

A vulnerability in the HTML Form Adapter of PingFederate, specifically in the non-default redirectless mode, causes the authentication form to be rendered unexpectedly. This issue could facilitate brute force login attacks by enabling repeated authentication attempts.

Impact

Exploitation of this vulnerability could lead to successful brute force login attempts, allowing unauthorized access to user accounts.

Added: Oct 27, 2025, 3:23 PM
Updated: Oct 27, 2025, 3:23 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 0.6
exploitability: 5.2
remediation: 0.0
relevance: 0.8
threat: 0.0
urgency: 5.7
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.