An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.
{ "cpes": [ "cpe:2.3:a:joomla:joomla!:*:*:*:*:*:*:*:*" ], "severity": "Critical" }