3 matches found
CVE-2022-23722
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...
CVE-2022-23722
PingFederate Password Reset vulnerability (CVE-2022-23722): when the password-reset mechanism uses the Authentication API with an Authentication Policy, email OTP, PingID, or SMS, an existing user can reset another user’s password. The connected sources describe the issue and its impact but do no...
CVE-2022-23722 PingFederate Password Reset via Authentication API Mishandling
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...