AWS cognito documentation change
Summary
Removed statement about access token restrictions for MFA attribute changes
Security assessment
Removal of a policy statement without clear evidence of security impact or vulnerability remediation.
Diff
diff --git a/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.md b/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.md index 1a4f7a1b1..f35a77d1d 100644 --- a/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.md +++ b/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.md @@ -44,2 +43,0 @@ Set the duration of an authentication flow session in the Amazon Cognito console - * A user can't use their access token to change the value of a phone number or email address that's associated with MFA. Your team must change these values with administrator AWS credentials in [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API requests. -