Description
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.
Remediation
References
Related Vulnerabilities
AngularJS Inefficient Regular Expression Complexity Vulnerability (CVE-2023-26117)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-0145)
WordPress Plugin eShop Multiple Vulnerabilities (6.3.13)
Python Improper Input Validation Vulnerability (CVE-2013-4238)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-14642)