CVE-2019-8118
MEDIUM
Magento 2.1.0-2.1.18, 2.2.0-2.2.9, 2.3.0-2.3.2 - Cleartext Storage of Sensitive Information
Title source: llm
Description
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 use a weak cryptographic function to store the failed login attempts for customer accounts.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
Scores
CVSS v3
5.3
EPSS
0.0005
EPSS Percentile
14.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (3)
magento/community-edition
2.1.0 - 2.1.19 (Packagist)
magento/magento
2.3.2 (2 CPE variants)
magento/magento
2.1.0 - 2.1.19 (2 CPE variants)
Published
Nov 05, 2019
Tracked Since
Feb 18, 2026