An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Joomla

Published: 2021-03-04T17:37:14.499073Z

Updated: 2024-09-17T01:46:00.654Z

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-23128

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2021-03-04T18:15:13.363

Modified: 2021-03-05T20:56:02.373

Link: CVE-2021-23128

cve-icon Redhat

No data.