CVE-2021-23127

State: PUBLISHED · Published: 2021-03-04 · Updated: 2026-02-25 · Assigner: Joomla

Description

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.

CWE

(none)

Affected

Joomla! Project / Joomla! CMS — v=3.2.0-3.9.24 [affected]

CVSS

(none)

References

https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html x_refsource_MISC, vendor-advisory

Source

cvelistV5-main/cves/2021/23xxx/CVE-2021-23127.json