Description
An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.
Remediation
References
Related Vulnerabilities
Jenkins Improper Handling of Inconsistent Structural Elements Vulnerability (CVE-2021-21640)
IBM RTC Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-7440)
WordPress Plugin Easy Digital Downloads QR Code Cross-Site Scripting (1.1.0)