VYPR
Unrated severityNVD Advisory· Published May 2, 2022· Updated Aug 3, 2024

PingFederate Password Reset via Authentication API Mishandling

CVE-2022-23722

Description

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.

CVE-2022-23722 · VYPR