Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-03T21:55:12.504Z

Reserved: 2021-03-22T00:00:00

Link: CVE-2021-29041

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-05-16T16:15:07.260

Modified: 2024-11-21T06:00:34.730

Link: CVE-2021-29041

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.