CVE-2021-42000

Published Feb 10, 2022

Last updated 5 months ago

Overview

Description
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password.
Source
responsible-disclosure@pingidentity.com
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
3.5
Impact score
2.9
Exploitability score
6.8
Vector string
AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

responsible-disclosure@pingidentity.com
CWE-285
nvd@nist.gov
NVD-CWE-Other

Social media

Hype score
Not currently trending

Configurations