CVE-2021-29038 Information

Description

Liferay Portal 7.2.0 through 7.3.5 and older unsupported versions and Liferay DXP 7.3 before fix pack 1 7.2 before fix pack 17 and older unsupported versions does not obfuscate password reminder answers on the page which allows attackers to use man-in-the-middle or shoulder surfing attacks to steal user’s password reminder answers.

Reference

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29038