VU#692873: Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass

Overview

Saviynt Enterprise Identity Cloud contains user enumeration and authentication bypass vulnerabilities in the local password reset feature. Together, these vulnerabilities could allow a remote, unauthenticated attacker to gain administrative privileges if an SSO solution is not configured for authentication.

Description

Saviynt Enterprise Identity Cloud contains two vulnerabilities in the password reset feature for the local authentication system. Specifying the id parameter returns user names and it is common that accounts with administrative privileges have low (often single digit) id...