First published: Tue Apr 25 2023(Updated: )
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.
Credit: responsible-disclosure@pingidentity.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pingidentity Pingid Integration For Windows Login | <2.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-23721.
The severity level of CVE-2022-23721 is low.
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.
To fix CVE-2022-23721, it is recommended to update PingID integration for Windows login to version 2.9 or above.
More information about CVE-2022-23721 can be found at the following link: [https://docs.pingidentity.com/r/en-us/pingid/davinci_pingid_windows_login_relnotes_2.9](https://docs.pingidentity.com/r/en-us/pingid/davinci_pingid_windows_login_relnotes_2.9)