Thursday, March 4, 2021

Joomla!: [20210302] - Core - Potential Insecure FOFEncryptRandval (CVE-2021-23128)

Description
The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to "random_bytes()" and its backport that is shipped within random_compat.
Solution(s)
  • joomla-upgrade-3_9_25


  • References
  • https://attackerkb.com/topics/cve-2021-23128
  • CVE - 2021-23128
  • http://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html




  •  

    Copyright © 2020 Cyber Details - Vulnerability Database™

    Thanks for everything Templateism - You should have written the code a little more complicated