[20210301] Insecure randomness within 2FA secret generation
News category: Vulnerabilities
Source: portal.patchman.co
The 2FA secret was generated using the insecure rand() function.
The 2FA secret was also too short according to RFC 4226: 10 bytes instead of 20 bytes.
CVE-2021-23126, CVE-2021-23127
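One way to generate a 2FA secret that avoids both issues described above, plus a length check for stored secrets. This is an added example, not Joomla's code or its patch; the function names are hypothetical and the 16-character sample secret is constructed.

```php
<?php
declare(strict_types=1);

const B32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
const MIN_SECRET_BYTES = 20; // secret length the advisory cites from RFC 4226

// RFC 4648 Base32 without padding; 20 bytes encode to exactly 32 characters.
function base32Encode(string $bytes): string
{
    $bits = '';
    foreach (str_split($bytes) as $byte) {
        $bits .= str_pad(decbin(ord($byte)), 8, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 5) as $chunk) {
        $out .= substr(B32_ALPHABET, bindec(str_pad($chunk, 5, '0')), 1);
    }
    return $out;
}

// New secret from the OS CSPRNG (random_bytes), never rand() or mt_rand().
function generateTotpSecret(int $bytes = MIN_SECRET_BYTES): string
{
    if ($bytes < MIN_SECRET_BYTES) {
        throw new InvalidArgumentException('2FA secret must be at least 20 bytes');
    }
    return base32Encode(random_bytes($bytes));
}

// Classify a stored Base32 secret by decoded length: ok, too-short or invalid.
// Length alone says nothing about the RNG that produced the secret.
function auditSecret(string $secret): string
{
    $clean = strtoupper(rtrim(str_replace(' ', '', $secret), '='));
    if ($clean === '' || strspn($clean, B32_ALPHABET) !== strlen($clean)) {
        return 'invalid';
    }
    $decodedBytes = intdiv(strlen($clean) * 5, 8);
    return $decodedBytes >= MIN_SECRET_BYTES ? 'ok' : 'too-short';
}

// Constructed sample: a 16-character (10-byte) secret, then a fresh one.
foreach (['JBSWY3DPEHPK3PXP', generateTotpSecret()] as $secret) {
    printf("%-32s %s\n", $secret, auditSecret($secret));
}
```

The constructed 16-character secret is reported as too-short, while the freshly generated 32-character secret is reported as ok.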
This vulnerability affects the following application versions:
- Joomla 3.6.3
- Joomla 3.6.3-rc1
- Joomla 3.6.3-rc2
- Joomla 3.6.3-rc3
- Joomla 3.6.4
- Joomla 3.6.5
- Joomla 3.7.0
- Joomla 3.7.0-rc1
- Joomla 3.7.0-rc2
- Joomla 3.7.0-rc3
- Joomla 3.7.0-rc4
- Joomla 3.7.1
- Joomla 3.7.1-rc1
- Joomla 3.7.1-rc2
- Joomla 3.7.2
- Joomla 3.7.3
- Joomla 3.7.3-rc1
- Joomla 3.7.3-rc2
- Joomla 3.7.4
- Joomla 3.7.4-rc1
- Joomla 3.7.5
- Joomla 3.8.0
- Joomla 3.8.0-rc1
- Joomla 3.8.1
- Joomla 3.8.1-rc
- Joomla 3.8.2
- Joomla 3.8.2-rc
- Joomla 3.8.3
- Joomla 3.8.3-rc
- Joomla 3.8.4
- Joomla 3.8.4-rc
- Joomla 3.8.4-rc2
- Joomla 3.8.5
- Joomla 3.8.5-rc
- Joomla 3.8.6
- Joomla 3.8.6-rc1
- Joomla 3.8.7
- Joomla 3.8.7-rc
- Joomla 3.8.8
- Joomla 3.8.8-rc
- Joomla 3.8.9
- Joomla 3.8.9-rc
- Joomla 3.8.10
- Joomla 3.8.11
- Joomla 3.8.12
- Joomla 3.8.13
- Joomla 3.9.0
- Joomla 3.9.1
- Joomla 3.9.2
- Joomla 3.9.3
- Joomla 3.9.4
- Joomla 3.9.5
- Joomla 3.9.6
- Joomla 3.9.7
- Joomla 3.9.8
- Joomla 3.9.9
- Joomla 3.9.10
- Joomla 3.9.11
- Joomla 3.9.12
- Joomla 3.9.13
- Joomla 3.9.14
- Joomla 3.9.15
- Joomla 3.9.16
- Joomla 3.9.17
- Joomla 3.9.18
- Joomla 3.9.19
- Joomla 3.9.20
- Joomla 3.9.21
- Joomla 3.9.22
- Joomla 3.9.23
- Joomla 3.9.24