Lucene search

GoogleOSV:CVE-2021-23127

HistoryMar 04, 2021 - 6:15 p.m.

CVE-2021-23127

2021-03-0418:15:13

Google

osv.dev

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

59.8%

JSON

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.

CPENameOperatorVersion
joomla-cmseq3.7.0
joomla-cmseq3.8.4
joomla-cmseq3.9.20
joomla-cmseq3.7.0-beta3
joomla-cmseq3.9.12-rc
joomla-cmseq3.9.4
joomla-cmseq3.5.1-rc2
joomla-cmseq3.7.1-rc2
joomla-cmseq3.7.0-beta1
joomla-cmseq3.8.3

Name	Operator	Version
joomla-cms	eq	3.7.0
joomla-cms	eq	3.8.4
joomla-cms	eq	3.9.20
joomla-cms	eq	3.7.0-beta3
joomla-cms	eq	3.9.12-rc
joomla-cms	eq	3.9.4
joomla-cms	eq	3.5.1-rc2
joomla-cms	eq	3.7.1-rc2
joomla-cms	eq	3.7.0-beta1
joomla-cms	eq	3.8.3

Rows per page:

1-10 of 1751

References

developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

59.8%

JSON

Related for OSV:CVE-2021-23127