Liferay DXP Weak Password Recovery Mechanism for Forgotten Password Vulnerability - CVE-2021-33321 - Vulnerability Database

Liferay DXP Weak Password Recovery Mechanism for Forgotten Password Vulnerability - CVE-2021-33321

High
Reference: CVE-2021-33321
Title: Liferay DXP Weak Password Recovery Mechanism for Forgotten Password Vulnerability
Overview:

Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2 and Liferay DXP before 7.3 allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true.