Vulnerabilities

CVE-2025-27935

by Fred · 04/12/2025

The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication.

More information : https://support.pingidentity.com/s/article/SECADV051-PingFederate-OTP-Integration-Kit-authentication-bypass

Similar

Tags: Cybersecurity Alert