Weak Cryptographic Function Used for Storing Failed Login Attempts in Magento

Weak Cryptographic Function Used for Storing Failed Login Attempts in Magento

CVE-2019-8118 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.

Learn more about our Web Application Penetration Testing UK.