Zoho ManageEngine Desktop Central prior to 10.1.2137.10 allows an authenticated user to change any user's login password.
zohocorp manageengine desktop central
Vulmon