CVE-2021-33321

Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true.
Configurations

Configuration 1

cpe:2.3:a:liferay:dxp:*:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Information

Published : 2021-08-03 07:15

Updated : 2021-08-11 03:17


NVD link : CVE-2021-33321

Mitre link : CVE-2021-33321

Products Affected
No products.
CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password