Description

The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.

Remediation

References

CVE-2024-25607

Related Vulnerabilities

MySQL CVE-2012-1690 Vulnerability (CVE-2012-1690)

WordPress Plugin Manage Calameo Publications by Athlon Cross-Site Scripting (1.1.0)

WordPress Plugin Calendar by WD-Responsive Event Calendar for WordPress SQL Injection (1.5.51)

WordPress Plugin Quick Cache (Speed Without Compromise) Unspecified Vulnerability (140725)

Apache httpOnly cookie disclosure

Severity

High

Classification

CVE-2024-25607 CWE-916 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities