vulnerability

Joomla!: [20210301] - Core - Insecure randomness within 2FA secret generation (CVE-2021-23126)

Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
Mar 3, 2021
Added
Mar 3, 2021
Modified
Apr 23, 2025

Description

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.

Solution

joomla-upgrade-3_9_25
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.