Description
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.
Remediation
References
Related Vulnerabilities
Dolphin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3167)
MySQL CVE-2015-0423 Vulnerability (CVE-2015-0423)
WordPress Plugin Couponer 'print-coupon.php' SQL Injection (1.2)
WordPress Plugin Google XML Sitemap for Images Cross-Site Request Forgery (2.1.3)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6635)