Lucene search

K
cvelistJoomlaCVELIST:CVE-2021-23127
HistoryMar 02, 2021 - 12:00 a.m.

CVE-2021-23127 [20210301] - Core - Insecure randomness within 2FA secret generation

2021-03-0200:00:00
Joomla
www.cve.org

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.5%

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.

CNA Affected

[
  {
    "product": "Joomla! CMS",
    "vendor": "Joomla! Project",
    "versions": [
      {
        "status": "affected",
        "version": "3.2.0-3.9.24"
      }
    ]
  }
]

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.5%

Related for CVELIST:CVE-2021-23127