AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-03-23 · Documentation low

File: cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.md

Summary

Removed statement about access token restrictions for MFA attribute changes

Security assessment

Removal of a policy statement without clear evidence of security impact or vulnerability remediation.

Diff

diff --git a/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.md b/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.md
index 1a4f7a1b1..f35a77d1d 100644
--- a/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.md
+++ b/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.md
@@ -44,2 +43,0 @@ Set the duration of an authentication flow session in the Amazon Cognito console
-  * A user can't use their access token to change the value of a phone number or email address that's associated with MFA. Your team must change these values with administrator AWS credentials in [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API requests.
-