CVE-2021-29041
Last modified
CVE-2021-29041 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.. EPSS estimates a 1.15% chance of exploitation in the next 30 days.
Description
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Liferay | Dxp | < 7.3 |
| Liferay | Dxp | 7.3 |
References
- http://liferay.comVendor Advisory
- https://issues.liferay.com/browse/LPE-17131Issue Tracking, Vendor Advisory
- http://liferay.comVendor Advisory
- https://issues.liferay.com/browse/LPE-17131Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-29041?
How severe is CVE-2021-29041?
How do I fix CVE-2021-29041?
Are you affected by CVE-2021-29041?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST