Unrated severity · NVD Advisory · Published Feb 10, 2022 · Updated Aug 4, 2024
Ping Identity PingFederate Password Reset and Password Change Mishandling with an authentication policy in parallel reset flows
CVE-2021-42000
Description
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing user's password.
Affected products
- (no CPE)
- (no CPE), range: 9.3.3-P15
References
- docs.pingidentity.com/bundle/pingfederate-103/page/hhm1634833631515.html (mitre, x_refsource_MISC)
- www.pingidentity.com/en/resources/downloads/pingfederate.html (mitre, x_refsource_MISC)