Vulnerabilities > CVE-2021-29041 - Unspecified vulnerability in Liferay DXP 7.0

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

liferay

NVD

Published: 2021-05-16

Updated: 2021-05-24

Summary

Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.

Vulnerable Configurations

Part	Description	Count
Application	Liferay Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3	106

References

https://issues.liferay.com/browse/LPE-17131
http://liferay.com