Joomla!: [20210302] - Core - Potential Insecure FOFEncryptRandval (CVE-2021-23128)
Description
The randval implementation within FOF (FOFEncryptRandval), which is shipped with the core but unused, relied on a potentially insecure implementation. That has now been replaced with a call to "random_bytes()" and its backport that is shipped within random_compat.
Solution(s)
joomla-upgrade-3_9_25
References
https://attackerkb.com/topics/cve-2021-23128
CVE - 2021-23128
http://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html