Thursday, March 4, 2021

Joomla!: [20210301] - Core - Insecure randomness within 2FA secret generation (CVE-2021-23126)

Description
The 2FA secret is generated with the insecure rand() function. The secret length is also insufficient according to RFC 4226: 10 bytes vs 20 bytes.
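The two weaknesses described above, side by side with a hardened form and a length audit for stored secrets. This is an added example, not Joomla's code: the function names are hypothetical, Python stands in for the PHP code base, and the thresholds assume RFC 4226 requirement R6 (128-bit minimum, 160 bits recommended).

```python
import base64
import random
import secrets

RFC4226_MIN_BYTES = 16          # RFC 4226 R6: secret MUST be at least 128 bits
RFC4226_RECOMMENDED_BYTES = 20  # RFC 4226 R6: 160 bits RECOMMENDED


def weak_secret(seed, nbytes=10):
    """Illustrative 'before': non-cryptographic PRNG and a 10-byte secret."""
    prng = random.Random(seed)  # output is fully determined by the seed
    raw = bytes(prng.randrange(256) for _ in range(nbytes))
    return base64.b32encode(raw).decode()


def strong_secret(nbytes=RFC4226_RECOMMENDED_BYTES):
    """Hardened form: OS CSPRNG and a 160-bit secret."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode()


def audit_secret(b32_secret):
    """Return (decoded_length, verdict) for a stored base32 2FA secret."""
    cleaned = b32_secret.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding if it was stripped
    n = len(base64.b32decode(cleaned))
    if n < RFC4226_MIN_BYTES:
        return n, "below-minimum"
    if n < RFC4226_RECOMMENDED_BYTES:
        return n, "below-recommended"
    return n, "ok"


if __name__ == "__main__":
    # Constructed inputs: the same seed reproduces the same weak secret.
    print(weak_secret(1234) == weak_secret(1234))
    print(audit_secret(weak_secret(1234)))
    print(audit_secret(strong_secret()))
```

Secrets issued before the upgrade keep their original length, so an audit like this over the stored values shows which ones need to be regenerated.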
Solution(s)
  • joomla-upgrade-3_9_25


References
  • https://attackerkb.com/topics/cve-2021-23126
  • CVE - 2021-23126
  • CVE - 2021-23127
  • http://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html





    Copyright © 2020 Cyber Details - Vulnerability Database™
