Description

Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.

Remediation

References

CVE-2021-29041

Related Vulnerabilities

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.15)

WordPress Plugin Centrora Security Multiple Vulnerabilities (6.5.6)

PHP Other Vulnerability (CVE-2006-4485)

Oracle JRE CVE-2018-2797 Vulnerability (CVE-2018-2797)

WordPress Plugin Answer My Question Cross-Site Scripting (1.3)

Severity

Medium

Classification

CVE-2021-29041

Tags

Missing Update Known Vulnerabilities