Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Liferay DXP Weak Password Recovery Mechanism for Forgotten Password Vulnerability - CVE-2021-33321 - Vulnerability Database
Liferay DXP

Liferay DXP Weak Password Recovery Mechanism for Forgotten Password Vulnerability - CVE-2021-33321

High
Reference: CVE-2021-33321
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-33321
Title: Liferay DXP Weak Password Recovery Mechanism for Forgotten Password Vulnerability
Overview:

Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2 and Liferay DXP before 7.3 allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true.