A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
Credits
Ping Identity credits The Commonwealth Bank of Australia for the discovery of this vulnerability.
