Description

Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.

Remediation

References

CVE-2019-8118

Related Vulnerabilities

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2011-1153)

WordPress Plugin Target First Live chat Unspecified Vulnerability (1.0)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (6.4.2)

WordPress Plugin Google Analytics Top Content Widget Cross-Site Scripting (1.5.6)

WordPress Plugin Stylish Cost Calculator Cross-Site Scripting (7.0.3)

Severity

Medium

Classification

CVE-2019-8118 CWE-312 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities