Thursday, March 4, 2021

Joomla!: [20210302] - Core - Potential Insecure FOFEncryptRandval (CVE-2021-23128)

rapid7 vulnerabilities In: , 
Description
The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to "random_bytes()" and its backport that is shipped within random_compat.
Solution(s)
  • joomla-upgrade-3_9_25


    • References
  • https://attackerkb.com/topics/cve-2021-23128
  • CVE - 2021-23128
  • http://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html




    •  

    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore