Description
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.
Scores
CVSS v3
5.3
EPSS
0.0001
EPSS Percentile
1.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-338
Status
published
Products (1)
joomla/joomla\!
3.2.0 - 3.9.25
Published
Mar 04, 2021
Tracked Since
Feb 18, 2026