What is CVE-2022-23725?

CVE-2022-23725 is a vulnerability in PingID Windows Login prior to version 2.8 that does not properly set permissions on the Windows Registry entries used to store sensitive API keys.

What is the severity of CVE-2022-23725?

CVE-2022-23725 has a severity rating of high (5.5).

How does CVE-2022-23725 affect PingID Windows Login?

CVE-2022-23725 affects PingID Windows Login versions prior to 2.8 by not properly setting permissions on Windows Registry entries.

How can I fix CVE-2022-23725?

To fix CVE-2022-23725, update PingID Windows Login to version 2.8 or higher.

Where can I find more information about CVE-2022-23725?

More information about CVE-2022-23725 can be found in the PingID documentation and downloads page.

Vulnerability/
CVE-2022-23725

30/6/2022

13/7/2023

CVE-2022-23725

First published: Thu Jun 30 2022(Updated: )

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

Credit: responsible-disclosure@pingidentity.com

Affected Software	Affected Version	How to fix
Pingidentity Pingid Integration For Windows Login	<2.8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-23725?
CVE-2022-23725 is a vulnerability in PingID Windows Login prior to version 2.8 that does not properly set permissions on the Windows Registry entries used to store sensitive API keys.
What is the severity of CVE-2022-23725?
CVE-2022-23725 has a severity rating of high (5.5).
How does CVE-2022-23725 affect PingID Windows Login?
CVE-2022-23725 affects PingID Windows Login versions prior to 2.8 by not properly setting permissions on Windows Registry entries.
How can I fix CVE-2022-23725?
To fix CVE-2022-23725, update PingID Windows Login to version 2.8 or higher.
Where can I find more information about CVE-2022-23725?
More information about CVE-2022-23725 can be found in the PingID documentation and downloads page.

collector/nvd-index
vendor/pingidentity
product/pingid integration for windows login
canonical/pingidentity pingid integration for windows login

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.