Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-9555

Unauthorized users may be able to retrieve username list and password hashed

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: No Longer Reproducible
    • Affects Version/s: 5.1.2
    • Fix Version/s: 6.0.4 GA, 6.0.5 GA
    • Labels:
      None
    • Environment:
      We tested it on liferay 4.x and 5.x. It was not tested on Liferay 6.x
    • Branch Version/s:
      5.2.x, 5.1.x

      Description

      Since the vulnerability has an high impact, let us know the best way to handle the issue

        Attachments

          Activity

            People

            Assignee:
            raymond.auge Raymond Auge
            Reporter:
            minded Minded Security S.r.l. (Inactive)
            Participants of an Issue:
            Recent user:
            Esther Sanz
            Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              10 years, 20 weeks, 1 day ago

                Packages

                Version Package
                6.0.4 GA
                6.0.5 GA