Ping Identity PingFederate OTP Integration Kit Multi-Factor Authentication Bypass Vulnerability

Vulnerability

A vulnerability exists in the OTP Integration Kit for PingFederate, where the application improperly validates HTTP methods and authentication states. This flaw allows the server to progress the authentication process without verifying the one-time password (OTP), effectively bypassing multi-factor authentication.
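An added illustration of the two checks named above, HTTP method and authentication state, in a generic OTP step that fails closed. This is not PingFederate or OTP Integration Kit code; the session model, status codes, form field name `otp`, sample OTP handling and attempt limit are all assumptions made for the example.

```python
import hmac
from dataclasses import dataclass
from enum import Enum


class AuthState(Enum):
    START = "start"                  # nothing verified yet
    PASSWORD_OK = "password_ok"      # first factor verified, OTP pending
    OTP_OK = "otp_ok"                # both factors verified


@dataclass
class Session:                       # hypothetical server-side session record
    state: AuthState
    expected_otp: str                # code issued for this session (constructed in tests)
    attempts: int = 0


MAX_ATTEMPTS = 3                     # assumed lockout threshold


def handle_otp_step(session: Session, method: str, form: dict) -> int:
    """Return an HTTP status; advance session.state only on a verified OTP."""
    # Only a POST may carry an OTP submission; any other verb is refused
    # before the session is touched.
    if method.upper() != "POST":
        return 405
    # The OTP step is valid only directly after the first factor succeeded.
    if session.state is not AuthState.PASSWORD_OK:
        return 409
    if session.attempts >= MAX_ATTEMPTS:
        return 429
    otp = form.get("otp")
    # A missing or empty OTP is a failed request, never "nothing to check".
    if not isinstance(otp, str) or not otp:
        return 400
    session.attempts += 1
    # Constant-time comparison of the submitted and issued codes.
    if not hmac.compare_digest(otp.encode(), session.expected_otp.encode()):
        return 401
    session.state = AuthState.OTP_OK  # the single place the state advances
    return 200


def is_fully_authenticated(session: Session) -> bool:
    # Downstream code checks the recorded state explicitly instead of
    # inferring it from which step the request reached.
    return session.state is AuthState.OTP_OK
```

Every return path except the verified one leaves the session state unchanged, so an unexpected method, an out-of-order request or an absent OTP cannot move the flow forward.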

Impact

Exploitation of this vulnerability allows for unauthorized advancement of the authentication state, bypassing multi-factor authentication requirements.

Remediation

Users can download the latest version of PingFederate from the Ping Identity website. For those already using version 12.3, it is recommended to update to the latest maintenance release.

Added: Dec 4, 2025, 9:27 PM
Updated: Dec 4, 2025, 9:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.