CVE-2021-23127

Published: Mar 4, 2021Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.

Affected (1)

Products: Joomla: Joomla!

Joomla

1 product

Joomla!

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Joomla Joomla!	From 3.2.0 to 3.9.25

References (2)

https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html

Source: security@joomla.org

Vendor Advisory

https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.