[20210302] - Core - Potential Insecure FOFEncryptRandval

CVE-2021-23128

9.1CRITICAL

Key Information

Vendor: Joomla
Status: Joomla! Cms
Vendor: CVE Published:; 4 March 2021

Summary

An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.

Affected Version(s)

Joomla! CMS = 3.2.0-3.9.24

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Mar 4, 2021
Vulnerability Reserved.
Jan 6, 2021

Collectors

NVD DatabaseMitre Database