Description
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.
Remediation
References
Related Vulnerabilities
Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28923)
Liferay DXP Incorrect Authorization Vulnerability (CVE-2024-25604)
Oracle JRE CVE-2024-20955 Vulnerability (CVE-2024-20955)
Joomla! Core 3.x.x Cross-Site Scripting (3.6.0 - 3.9.6)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-7128)