When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password.
References
Link | Resource |
---|---|
https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html | Release Notes Vendor Advisory |
https://www.pingidentity.com/en/resources/downloads/pingfederate.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Ping Identity
Published: 2022-05-02T22:05:13
Updated: 2022-05-02T22:05:13
Reserved: 2022-01-19T00:00:00
Link: CVE-2022-23722
JSON object: View
NVD Information
Status : Modified
Published: 2022-05-02T22:15:09.647
Modified: 2023-11-07T03:44:17.477
Link: CVE-2022-23722
JSON object: View
Redhat Information
No data.