Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided description.

Description The issue arises after a password reset, where the ChangePasswordForm::doChangePassword() function logs in the user without checking Member::canLogIn(). This poses a problem for sites using the extension point in that method to deny access to certain users, such as those not approved or with temporarily revoked access. The Member::canLogIn() function was initially intended to check for locked-out users due to multiple incorrect login attempts but has been expanded for other uses.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.