The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability CVE-2014-8489

Ping Identity PingFederate: open redirect of startSSO.ping

Synthesis of the vulnerability

An attacker can craft a link to Ping Identity PingFederate that, when followed, silently redirects the user to a malicious site of the attacker's choosing.
Impacted products: PingFederate.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 10/12/2014.
Identifiers: CVE-2014-8489, VIGILANCE-VUL-15770.

Description of the vulnerability

Ping Identity PingFederate is a federation server that provides single sign-on over HTTP; its /startSSO.ping page is the endpoint that starts an SSO flow, and the TargetResource parameter names the resource the user should land on once that flow completes.

However, /startSSO.ping redirects the user, without any warning or confirmation, to whatever URL is supplied in the TargetResource parameter, including an external site chosen by the attacker. The URL is not restricted to the PingFederate host or to the service providers it federates with.

Because the link the victim clicks points at the legitimate PingFederate host, nothing in the address bar or in the link itself reveals that the final destination is attacker-controlled. An attacker can therefore use the trusted PingFederate domain to lure a user onto a malicious site, for example a phishing page that imitates the expected login or application screen.
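The following is an added example, written for this page and not code from Ping Identity or from the Vigil@nce bulletin, that shows the two halves of the flaw described above: an endpoint that forwards TargetResource verbatim, and a validator that only accepts relative paths on the identity provider or https URLs on an allowlisted host. The hostnames sso.example.com, app.example.com and evil.example, the allowlist, and the crafted link are all constructed for the example; the advisory does not describe how PingFederate itself validates the parameter after the fix.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical hosts for this example (not from the advisory).
# ALLOWED_HOSTS is the set of destinations the IdP may forward a user to.
ALLOWED_HOSTS = {"sso.example.com", "app.example.com"}

# Constructed attacker link: the host is the legitimate IdP, but TargetResource
# points at an attacker-controlled site.
CRAFTED_LINK = (
    "https://sso.example.com/startSSO.ping"
    "?TargetResource=https://evil.example/login"
)


def target_from_request(request_url):
    """Extract the TargetResource query parameter from a /startSSO.ping URL."""
    params = parse_qs(urlsplit(request_url).query)
    return params.get("TargetResource", [None])[0]


def redirect_vulnerable(target):
    """Behaviour described in the advisory: the parameter becomes the redirect
    destination unchanged, so any absolute URL the attacker supplies is followed."""
    return target


def is_safe_target(target, allowed_hosts=ALLOWED_HOSTS):
    """Accept only a relative path on the IdP itself, or an https URL whose
    host is on the allowlist. Everything else (other schemes, protocol-relative
    URLs, userinfo tricks, backslash variants) is rejected."""
    if not target or any(c in target for c in "\r\n\x00"):
        return False
    # Browsers treat a backslash like a slash in the authority part, so
    # normalise before parsing; "/\evil.example" must not pass as a path.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme == "" and parts.netloc == "":
        # A local path: allow "/app/home", refuse "//evil.example" style targets.
        return normalised.startswith("/") and not normalised.startswith("//")
    if parts.scheme.lower() != "https":
        # Rejects http:, javascript:, data:, and scheme-less "//host" forms.
        return False
    host = parts.hostname  # already lower-cased; None for "https:evil.example"
    return host is not None and host in allowed_hosts


def redirect_hardened(target, default="/"):
    """Hardened behaviour: fall back to a safe default when the target fails
    validation instead of following an attacker-chosen URL."""
    return target if is_safe_target(target) else default


if __name__ == "__main__":
    crafted = target_from_request(CRAFTED_LINK)
    print("vulnerable ->", redirect_vulnerable(crafted))
    print("hardened   ->", redirect_hardened(crafted))
```

The validator deliberately keys on the parsed hostname rather than on a string prefix: a prefix check such as `target.startswith("https://app.example.com")` would still accept `https://app.example.com.evil.example/` and `https://app.example.com@evil.example/`, both of which send the browser to evil.example.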
