BIT-joomla-2021-23127

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/joomla/BIT-joomla-2021-23127.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-joomla-2021-23127

Aliases

CVE-2021-23127

Published

2025-04-03T14:12:18.004Z

Modified

2025-04-03T15:27:17.273988Z

Summary

[none]

Details

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.

Database specific

{
    "cpes": [
        "cpe:2.3:a:joomla:joomla!:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
}

References

https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html
https://nvd.nist.gov/vuln/detail/CVE-2021-23127

Affected packages

Bitnami / joomla

Package

Name: joomla
Purl: pkg:bitnami/joomla

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

3.2.0

Fixed

3.9.25