Jhipster · Generator-Jhipster-Kotlin · CVE-2020-4072
**Name of the Vulnerable Software and Affected Versions**
generator-jhipster-kotlin version 1.6.0
**Description**
The application writes a log entry for every password reset request that names a non-existent account, and that entry includes the email address supplied in the request. Because the email is user-controlled and the API is public, an attacker can forge log entries. The problem affects only applications generated with JWT or session authentication; applications using OAuth are not vulnerable.
**Recommendations**
For generator-jhipster-kotlin version 1.6.0, as a temporary workaround, consider modifying the `AccountResource.kt` file by changing the line `log.warn("Password reset requested for non existing mail '$mail'");` to `log.warn("Password reset requested for non existing mail");`. To fully resolve the issue, update to version 1.7.0.
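Why the workaround drops the interpolated value, as an added example that is not generator-jhipster-kotlin's own code: a minimal in-memory `warn()` stands in for the SLF4J logger, the handler and `sanitizeForLog` names are assumptions, and the crafted input is constructed for the demonstration.

```kotlin
// Added example (not code from generator-jhipster-kotlin). An in-memory logger
// stands in for SLF4J so the file runs stand-alone.
private val logLines = mutableListOf<String>()

// Hypothetical stand-in for log.warn(): one call is meant to produce one record.
fun warn(message: String) {
    logLines += "WARN  AccountResource - $message"
}

// 1.6.0 behaviour: the request body value is written into the message verbatim.
fun requestPasswordResetVulnerable(mail: String) {
    warn("Password reset requested for non existing mail '$mail'")
}

// 1.7.0 / workaround: the user-controlled value is not logged at all.
fun requestPasswordResetFixed(mail: String) {
    warn("Password reset requested for non existing mail")
}

// Defensive alternative (assumption, not the project's fix) for cases where the
// value is genuinely needed: strip control characters, including line breaks, so
// a single call can never span more than one log record.
fun sanitizeForLog(value: String): String =
    value.filterNot { it.isISOControl() }.take(254)

fun requestPasswordResetSanitized(mail: String) {
    warn("Password reset requested for non existing mail '${sanitizeForLog(mail)}'")
}

fun main() {
    // Constructed input: a submitted "email" that carries a line break and a
    // second, fake record after it.
    val crafted = "nobody@example.invalid\nINFO  AccountResource - forged second record"

    val handlers = listOf(
        ::requestPasswordResetVulnerable,
        ::requestPasswordResetFixed,
        ::requestPasswordResetSanitized,
    )
    for (handler in handlers) {
        logLines.clear()
        handler(crafted)
        // A log viewer or SIEM splits on newlines; count the records it would show.
        val recordsSeen = logLines.joinToString("\n").lines().size
        println("${handler.name}: 1 warn() call -> $recordsSeen record(s) visible")
    }
}
```

The vulnerable variant shows two records for one call; the fixed and sanitized variants show one, which is the property a log-integrity check or detection rule should look for.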