PingID integration for Windows login 2.8.3 (June 21, 2022)
Authentication request despite Recent Authentication rule in policy
Fixed STAGING-15722 PingID Integration for Windows login
In version 2.8, when Windows login was integrated with PingID directly (not through PingFederate), there were situations where users would be asked to authenticate even though the defined Recent Authentication rule in the authentication policy should have prevented an authentication prompt.
Windows login verifies PingID properties file
Fixed PIM-3134 PingID Integration for Windows login
Beginning with version 2.8, you must use the restricted-permissions properties file that is generated when you click the Generate button in the Integrate with Windows and Mac login section. You can no longer use the properties file that is generated when you click the Generate button in the Integrate with PingFederate and other clients section. This resolves issues related to CVE-2022-23717.
Removed Windows login local privilege escalation
Fixed PIM-2897 PingID Integration for Windows login
Windows Login local privilege escalation to System account is now removed. This resolves issues related to CVE-2022-23719.
Additions to the Authentication Browser
Fixed PIM-2898 PingID Integration for Windows login
Offline HTML and JS files are now added to the Authentication Browser (similar to these employed by Authenticator Browser for Online login flow) . This resolves issues related to CVE-2022-23717.
Chromium upgrade
Fixed PID-9964 PingID Integration for Windows login
Chromium is now upgraded in Windows Login. This resolves issues related to CVE-2022-23718.
Restricted access to the properties file in the registry
Fixed PID-3315 PingID Integration for Windows login
Fixed an issue related to restricting access to the properties file in the registry. This resolves issues related to CVE-2022-23725.