VYPR
Unrated severityNVD Advisory· Published Feb 10, 2022· Updated Aug 4, 2024

Ping Identity PingFederate Password Reset and Password Change Mishandling with an authentication policy in parallel reset flows

CVE-2021-42000

Description

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.