Security Advisory

CVE-2021-29041

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-05-16 15:14:22
Last updated 2024-08-03 21:55:12
Assigner mitre
State PUBLISHED

Description

Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other users TOTP shared secret.