CVE-2021-33321

Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:liferay:dxp:*:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Information

Published : 2021-08-03 12:15

Updated : 2021-08-11 08:17


NVD link : CVE-2021-33321

Mitre link : CVE-2021-33321


JSON object : View

CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password

Advertisement

dedicated server usa

Products Affected

liferay

  • liferay_portal
  • dxp