CVE-2022-23725 Login prior to 2.8 did not properly set permissions on the Windows Registry entries used to store sensitive API keys.

This could be abused by malicious or compromised user account to gain access to Extranet that they shouldn't have access to. This flaw has been fixed in Extranet 2.8. Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.This could be abused by malicious or compromised user account to gain access to Extranet that they shouldn't have access to. This flaw has been fixed in Extranet 2.8.

CVE-2018-17123 Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

CVE-2018-17124 Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

CVE-2018-17125 Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

CVE-2018-17126 Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

CVE-2018-17127 Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

CVE-2018-17128 Windows Login prior to 2.8 does not properly set permissions on the

Overview: What is Azure AD Connect?

Azure AD Connect is a solution that integrates on-premises Active Directory (AD) with Microsoft Azure Active Directory (Azure AD). It automates the onboarding and configuration of users, devices, and applications to Azure AD.

^ ^^

This could be abused by malicious or compromised user account to gain access to Extranet that they shouldn't have access to. This flaw has been fixed in Extranet 2.8.

This could be abused by malicious or compromised user account to gain access to Extranet that they shouldn't have access to. This flaw has been fixed in Extranet 2.8. Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

This could be abused by malicious or compromised user account to gain access to Extranet that they shouldn't have access to. This flaw has been fixed in Extranet 2.8, Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances, and this vulnerability is CVE-2018-17123

Timeline

Published on: 06/30/2022 20:15:00 UTC
Last modified on: 07/12/2022 16:31:00 UTC

References

• https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html
• https://www.pingidentity.com/en/resources/downloads/pingid.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23725