Insecure rand() Function Used in 2FA Secret Generation in Joomla!

Insecure rand() Function Used in 2FA Secret Generation in Joomla!

CVE-2021-23126 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.

Learn more about our Web Application Penetration Testing UK.