CVE-2021-23127
CRITICAL
Joomla! 3.2.0-3.9.24 - Insecure Randomness in 2FA Secret Generation
Title source: llm
Description
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The 2FA secret is generated with an insufficient length according to RFC 4226: 10 bytes instead of 20 bytes.
References (1)
Vendor Advisory x_refsource_misc
vendor-advisory
https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html
Scores
CVSS v3
9.1
EPSS
0.0001
EPSS Percentile
1.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
Status
published
Products (1)
joomla/joomla\!
3.2.0 - 3.9.25
Published
Mar 04, 2021
Tracked Since
Feb 18, 2026