CVE-2021-29041

MEDIUM6.5EPSS 0.51%

Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module

Published: 5/24/2022Modified: 5/14/2025

Description

Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.

Affected packages (1)

Maven/com.liferay.portal:release.dxp.bomfrom 0, < 7.3.10.fp1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-29041
PATCHhttps://github.com/liferay/liferay-portal
WEBhttp://liferay.com
WEBhttps://issues.liferay.com/browse/LPE-17131