CVE-2021-23127
CRITICAL9.1EPSS 0.01%[20210301] - Core - Insecure randomness within 2FA secret generation
Published: 4/3/2025Modified: 5/20/2025
Description
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.
Affected packages (1)
- Bitnami/joomla>= 3.2.0, < 3.9.25
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |