Description

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.

Remediation

References

CVE-2021-23127

Related Vulnerabilities

Oracle JRE CVE-2017-10285 Vulnerability (CVE-2017-10285)

WordPress Plugin Google Analytics Dashboard Plugin for WordPress by MonsterInsights 404 Error Page Cross-Site Scripting (3.2.4)

WordPress Plugin ToolBar to Share Cross-Site Request Forgery (2.0)

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-6798)

Drupal Core 9.3.x Security Bypass (9.3.0 - 9.3.15)

Severity

Critical

Classification

CVE-2021-23127 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities