Description

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.

Remediation

References

CVE-2021-23126

Related Vulnerabilities

MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-6664)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.5)

Atlassian Jira Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-15001)

WordPress Plugin Image Gallery-Responsive Photo Gallery Cross-Site Scripting (1.4.0)

WordPress Plugin Advanced Dynamic Pricing for WooCommerce Cross-Site Request Forgery (4.1.3)

Severity

Medium

Classification

CVE-2021-23126 CWE-326 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities