CVE-2024-26270

Vulnerability Description

The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password.

Vulnerability Details

Published Date

February 20, 2024

Last Modified

January 28, 2025

Source

NVD

CVE-2024-26270

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment