Description

Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.

Remediation

References

CVE-2019-8118

Related Vulnerabilities

Atlassian Jira Incorrect Authorization Vulnerability (CVE-2018-20826)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.67)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.17)

WordPress Plugin UPM Polls 'qid' Parameter SQL Injection (1.0.3)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4288)

Severity

Medium

Classification

CVE-2019-8118 CWE-312 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities