CVE-2021-23127: [20210301] - Core - Insecure randomness within 2FA secret generation
First published: Tue Mar 02 2021(Updated: )
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.
Credit: security@joomla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Joomla Joomla\! | >=3.2.0<3.9.25 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Joomla issue?
The vulnerability ID for this Joomla issue is CVE-2021-23127.
What is the severity rating of CVE-2021-23127?
CVE-2021-23127 has a severity rating of 9.1 (critical).
What is the affected software version range for CVE-2021-23127?
CVE-2021-23127 affects Joomla versions 3.2.0 through 3.9.24.
What is the description of CVE-2021-23127?
CVE-2021-23127 is a vulnerability in Joomla where an insufficient length is used for the 2FA secret according to RFC 4226, with 10 bytes instead of 20 bytes.
How can the vulnerability in CVE-2021-23127 be fixed?
To fix the vulnerability in CVE-2021-23127, users should update to Joomla version 3.9.25 or later, which addresses the issue.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/title
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/joomla
- canonical/joomla joomla\!
- version/joomla joomla\!/3.2.0