Octoprint · Octoprint · CVE-2024-23637
**Name of the Vulnerable Software and Affected Versions**
OctoPrint versions up to and including 1.9.3
**Description**
The vulnerability allows a malicious admin to change the password of any admin account, including their own, without having to re-enter their current password first. An attacker who has hijacked an admin account (for example through a stolen session) could use this to lock the legitimate admins out of their OctoPrint instance.
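The defect described above is a password-change path that trusts the logged-in session alone and never asks the acting admin to prove knowledge of their current password. The following is an added example, not OctoPrint's own code: a minimal in-memory user store with a handler that behaves the way the description says, placed next to a hardened handler that re-authenticates the actor before any admin password is changed. The names `UserStore`, `change_password_unchecked`, `change_password_reauth` and `simulate_hijacked_session` are illustrative assumptions, as are the sample accounts.

```python
"""Added example (not OctoPrint's code): why a password-change handler
must re-authenticate the acting admin instead of trusting the session."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of a candidate password against a stored digest."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    admin: bool


class UserStore:
    """In-memory stand-in for a user database (constructed for this example)."""

    def __init__(self) -> None:
        self.users: Dict[str, Account] = {}
        self.audit: List[str] = []  # what a defender would want logged

    def add(self, name: str, password: str, admin: bool = False) -> None:
        salt, digest = hash_password(password)
        self.users[name] = Account(salt, digest, admin)

    def is_admin(self, name: str) -> bool:
        acct = self.users.get(name)
        return acct is not None and acct.admin

    def check_login(self, name: str, password: str) -> bool:
        acct = self.users.get(name)
        return acct is not None and verify_password(password, acct.salt, acct.digest)

    def _set_password(self, name: str, new_password: str) -> None:
        self.users[name].salt, self.users[name].digest = hash_password(new_password)


def change_password_unchecked(store: UserStore, actor: str, target: str, new_password: str) -> bool:
    """Pattern matching the advisory: the session's admin flag is the only gate.
    Whoever holds the session can reset any admin's password, including the
    actor's own, without proving they know the current one."""
    if target not in store.users:
        return False
    if actor != target and not store.is_admin(actor):
        return False
    store._set_password(target, new_password)
    store.audit.append(f"{actor} changed password of {target} (no re-auth)")
    return True


def change_password_reauth(store: UserStore, actor: str, target: str,
                           new_password: str, actor_current_password: str) -> bool:
    """Hardened variant: the actor must re-enter their own current password
    before any change, so a hijacked session by itself is not enough."""
    if target not in store.users:
        return False
    if actor != target and not store.is_admin(actor):
        store.audit.append(f"DENIED {actor} -> {target}: not an admin")
        return False
    if not store.check_login(actor, actor_current_password):
        store.audit.append(f"DENIED {actor} -> {target}: re-authentication failed")
        return False
    store._set_password(target, new_password)
    store.audit.append(f"{actor} changed password of {target} (re-authenticated)")
    return True


def simulate_hijacked_session() -> Dict[str, bool]:
    """Attacker holds alice's session but does not know her password (constructed)."""
    results = {}
    store = UserStore()
    store.add("alice", "alice-pw", admin=True)
    store.add("bob", "bob-pw", admin=True)
    # Unchecked handler: bob is locked out with no knowledge of any password.
    results["unchecked_lockout"] = change_password_unchecked(store, "alice", "bob", "owned")
    results["bob_locked_out"] = store.check_login("bob", "owned")
    # Hardened handler on a fresh store: the guess fails and bob keeps his password.
    store = UserStore()
    store.add("alice", "alice-pw", admin=True)
    store.add("bob", "bob-pw", admin=True)
    results["reauth_blocked"] = not change_password_reauth(store, "alice", "bob", "owned", "wrong-guess")
    results["bob_unaffected"] = store.check_login("bob", "bob-pw")
    return results


if __name__ == "__main__":
    print(simulate_hijacked_session())
```

The point of the hardened handler is that it binds the sensitive action to a fresh proof of the actor's credential rather than to session state, which is exactly what a stolen session token lacks; the audit entries give responders a signal to look for when an admin's password is changed unexpectedly.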
**Recommendations**
For versions up to and including 1.9.3, update to version 1.10.0 to resolve the issue.
As a temporary workaround, consider thoroughly vetting who has admin access to the installation to minimize the risk of exploitation.