Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.2.0 - 3.9.24 Exploit type: Insecure Randomness Reported Date: 2021-01-13 Fixed Date: 2021-03-02 CVE Number: CVE-2021-23128 Description The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to "random_bytes()" and its backport that is shipped within random_compat. This issue has been coordinated with Akeeba Ltd as contributor of the original FOF codebase to the core. Affected Installs Joomla! CMS versions 3.2.0 - 3.9.24 Solution Upgrade to version 3.9.25 Contact The JSST at the Joomla! Security Centre. Reported By: Hanno Böck [20210302] - Core - Potential Insecure FOFEncryptRandval
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.2.0 - 3.9.24 Exploit type: Insecure Randomness Reported Date: 2021-01-13 Fixed Date: 2021-03-02 CVE Number: CVE-2021-23128 Description The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to "random_bytes()" and its backport that is shipped within random_compat. This issue has been coordinated with Akeeba Ltd as contributor of the original FOF codebase to the core. Affected Installs Joomla! CMS versions 3.2.0 - 3.9.24 Solution Upgrade to version 3.9.25 Contact The JSST at the Joomla! Security Centre. Reported By: Hanno Böck - Zugriffe: 380