[20210302] Potential Insecure FOFEncryptRandval
News category: Security vulnerabilities
Source: portal.patchman.co
The randval implementation within FOF (FOFEncryptRandval), which is shipped with the core but unused, relied on a potentially insecure implementation. It has now been replaced with a call to "random_bytes()" and its backport, which is shipped within random_compat.
CVE-2021-23128
This vulnerability affects the following application versions:
- Joomla 3.6.3
- Joomla 3.6.3-rc1
- Joomla 3.6.3-rc2
- Joomla 3.6.3-rc3
- Joomla 3.6.4
- Joomla 3.6.5
- Joomla 3.7.0
- Joomla 3.7.0-rc1
- Joomla 3.7.0-rc2
- Joomla 3.7.0-rc3
- Joomla 3.7.0-rc4
- Joomla 3.7.1
- Joomla 3.7.1-rc1
- Joomla 3.7.1-rc2
- Joomla 3.7.2
- Joomla 3.7.3
- Joomla 3.7.3-rc1
- Joomla 3.7.3-rc2
- Joomla 3.7.4
- Joomla 3.7.4-rc1
- Joomla 3.7.5
- Joomla 3.8.0
- Joomla 3.8.0-rc1
- Joomla 3.8.1
- Joomla 3.8.1-rc
- Joomla 3.8.2
- Joomla 3.8.2-rc
- Joomla 3.8.3
- Joomla 3.8.3-rc
- Joomla 3.8.4
- Joomla 3.8.4-rc
- Joomla 3.8.4-rc2
- Joomla 3.8.5
- Joomla 3.8.5-rc
- Joomla 3.8.6
- Joomla 3.8.6-rc1
- Joomla 3.8.7
- Joomla 3.8.7-rc
- Joomla 3.8.8
- Joomla 3.8.8-rc
- Joomla 3.8.9
- Joomla 3.8.9-rc
- Joomla 3.8.10
- Joomla 3.8.11
- Joomla 3.8.12
- Joomla 3.8.13
- Joomla 3.9.0
- Joomla 3.9.1
- Joomla 3.9.2
- Joomla 3.9.3
- Joomla 3.9.4
- Joomla 3.9.5
- Joomla 3.9.6
- Joomla 3.9.7
- Joomla 3.9.8
- Joomla 3.9.9
- Joomla 3.9.10
- Joomla 3.9.11
- Joomla 3.9.12
- Joomla 3.9.13
- Joomla 3.9.14
- Joomla 3.9.15
- Joomla 3.9.16
- Joomla 3.9.17
- Joomla 3.9.18
- Joomla 3.9.19
- Joomla 3.9.20
- Joomla 3.9.21
- Joomla 3.9.22
- Joomla 3.9.23
- Joomla 3.9.24