Description
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.
Remediation
References
Related Vulnerabilities
IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1805)
WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.6)
WordPress Credentials Management Errors Vulnerability (CVE-2009-2762)
Liferay Portal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5327)