Description

An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.

Remediation

References

CVE-2021-23128

Related Vulnerabilities

Python Cryptographic Issues Vulnerability (CVE-2012-1150)

WordPress Plugin BuddyPress Security Bypass (2.3.4)

WordPress 6.2.x Shortcode Execution (6.2 - 6.2.1)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3508)

PHP Use After Free Vulnerability (CVE-2019-13224)

Severity

Critical

Classification

CVE-2021-23128 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities