Description
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the database to obtain a user's password.
Remediation
References
Related Vulnerabilities
MySQL CVE-2017-3463 Vulnerability (CVE-2017-3463)
WordPress Plugin WP Job Manager Cross-Site Request Forgery (1.25.2)
MySQL CVE-2021-35608 Vulnerability (CVE-2021-35608)
Oracle Database Server Other Vulnerability (CVE-2007-3857)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-2748)