Yet another MAJOR BUG in ADSSP

Yet another MAJOR BUG in ADSSP

Ticket # 4272254 raised with ManageEngine for this.

Even though the settings in the ADSSP Admin portal is set to  "Deny users from performing password reset/account unlock when partially enrolled", if a user has not enrolled but attempts to Reset Password and/or Unlock Account (keep in mind, the user has not even attempted the enrollment process), ADSSP portal lets them go through with Email and/or SMS verification and eventually land on the page to do the Reset Password / Unlock Account. 


MAJOR BUG which needs a fix IMMEDIATELY. 

ManageEngine never seems to test their products/releases. We as the Customers deploy it into our Corporate Environment and risk severe breaches cause of this.