VYPR
Unrated severityNVD Advisory· Published Mar 4, 2021· Updated Feb 25, 2026

[20210301] - Core - Insecure randomness within 2FA secret generation

CVE-2021-23127

Description

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Joomla/Joomla!llm-fuzzy2 versions
    >=3.2.0, <=3.9.24+ 1 more
    • (no CPE)range: >=3.2.0, <=3.9.24
    • (no CPE)range: 3.2.0-3.9.24
  • osv-coords
    Range: >= 3.2.0, < 3.9.25

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.