Yet another MAJOR BUG in ADSSP
Ticket # 4272254 raised with ManageEngine for this.
Even though the settings in the ADSSP Admin portal is set to "Deny users from performing password reset/account unlock when partially enrolled", if a user has not enrolled but attempts to Reset Password and/or Unlock Account (keep in mind, the user has not even attempted the enrollment process), ADSSP portal lets them go through with Email and/or SMS verification and eventually land on the page to do the Reset Password / Unlock Account.
MAJOR BUG which needs a fix IMMEDIATELY.
ManageEngine never seems to test their products/releases. We as the Customers deploy it into our Corporate Environment and risk severe breaches cause of this.
Even though the settings in the ADSSP Admin portal is set to "Deny users from performing password reset/account unlock when partially enrolled", if a user has not enrolled but attempts to Reset Password and/or Unlock Account (keep in mind, the user has not even attempted the enrollment process), ADSSP portal lets them go through with Email and/or SMS verification and eventually land on the page to do the Reset Password / Unlock Account.
MAJOR BUG which needs a fix IMMEDIATELY.
ManageEngine never seems to test their products/releases. We as the Customers deploy it into our Corporate Environment and risk severe breaches cause of this.