70 matches found
CVE-2019-16394
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers...
Information Disclosure
com.liferay:com.liferay.portal.security.audit.event.generators.user.management is vulnerable to Information Disclosure. The vulnerability is due to audit events recording users’ password reminder answers in audit logs, which allows remote authenticated users to retrieve those answers via the audi...
EUVD-2005-3063
Malware in sbrugna...
EUVD-2009-4744
Malware in sbrugna...
EUVD-2013-2261
Malware in sbrugna...
EUVD-2025-30441
Malicious code in bioql PyPI...
CVE-2025-43814
In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions, the audit events record a user’s password reminder answer, which allows remote...
Insertion of Sensitive Information Into Sent Data
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the audit events that record password reminder answers. An attacker can access sensitive user information by retrieving password reminder answers from audit logs. Remediation: Upgrade...
GHSA-PH63-CHVV-8X46 Liferay Portal and DXP audit events record password reminder answers
In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions, the audit events record a user’s password reminder answer, which allows remote...
Liferay Portal and DXP audit events record password reminder answers
In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions, the audit events record a user’s password reminder answer, which allows remote...
CVE-2025-43814
CVE-2025-43814 affects Liferay Portal 7.4.0–7.4.3.112 and Liferay DXP 2023.Q4.0–2023.Q4.8, 2023.Q3.1–2023.Q3.10, 7.4 GA–update 92 (older unsupported versions also affected). The root cause is that audit events incorrectly record a user’s password reminder answer, enabling remote authenticated use...
PT-2025-39089
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.112; Liferay DXP versions 2023.Q3.1 through 2023.Q3.10; Liferay DXP versions 2023.Q4.0 through 2023.Q4.8; Liferay Portal 7.4 GA through update 92; older unsupported versions. Description: The audit events...
Linux Distros Unpatched Vulnerability : CVE-2019-16394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which...
CVE-2021-29038
Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks t...
CVE-2013-2315
data/class/pages/forgot/LCPageForgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request...
Man-in-the-middle Attack
Liferay Portal is vulnerable to Man-in-the-middle Attack. The vulnerability is due to the failure to obfuscate password reminder answers on the page, allowing attackers to exploit man-in-the-middle or shoulder-surfing attacks to steal users' password reminder answers...