Количество 2
Количество 2
CVE-2021-29038
Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks to steal user's password reminder answers.
GHSA-mwhf-6mjm-6w3h
Liferay Portal and Liferay DXP Does Not Obfuscate Password Reminder Answers
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-29038 Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks to steal user's password reminder answers. | CVSS3: 6.3 | 0% Низкий | почти 2 года назад |
| GHSA-mwhf-6mjm-6w3h Liferay Portal and Liferay DXP Does Not Obfuscate Password Reminder Answers | CVSS3: 6.3 | 0% Низкий | почти 2 года назад |
Уязвимостей на страницу