CVE-2023-23755

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published May 30, 2023
Updated: Jan 9, 2025
CWE ID 307

Summary

CVE-2023-23755 is a vulnerability affecting Joomla! versions 4.2.0 to 4.3.1. This issue permits brute force attacks against Multi-Factor Authentication (MFA) methods due to insufficient rate limiting. An attacker can exploit this vulnerability to repeatedly attempt MFA codes until a valid one is guessed, potentially gaining unauthorized access to affected Joomla! installations. This poses a significant risk to websites using these versions of Joomla! and emphasizes the importance of implementing rate limiting as a security measure.
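The rate-limiting control whose absence this entry describes, shown as an added Python sketch that is not Joomla!'s code or its patch. The class, function names, the five-failure limit, the 300-second lockout and the sample code `004242` are all assumptions constructed for illustration.

```python
import hmac
import time

MAX_ATTEMPTS = 5       # assumed policy: failed codes tolerated before lockout
LOCKOUT_SECONDS = 300  # assumed policy: how long the account's MFA stays locked


class MfaAttemptLimiter:
    """Counts failed MFA verifications per account and enforces a lockout."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, lockout=LOCKOUT_SECONDS,
                 clock=time.monotonic):
        self.max_attempts = max_attempts
        self.lockout = lockout
        self.clock = clock
        self._state = {}  # user_id -> (failed_count, locked_until)

    def verify(self, user_id, submitted, expected):
        failed, locked_until = self._state.get(user_id, (0, 0.0))
        now = self.clock()
        if now < locked_until:
            return "locked"  # rejected before the code is even compared
        if hmac.compare_digest(submitted, expected):  # constant-time compare
            self._state.pop(user_id, None)            # success clears the counter
            return "ok"
        failed += 1
        if failed >= self.max_attempts:
            self._state[user_id] = (0, now + self.lockout)
        else:
            self._state[user_id] = (failed, 0.0)
        return "denied"


def brute_force(limiter, user_id, expected, budget):
    """Replay sequential 6-digit guesses against the limiter (test harness).

    Returns (outcome, number of guesses the server actually compared).
    """
    checked = 0
    for n in range(budget):
        result = limiter.verify(user_id, f"{n:06d}", expected)
        if result == "ok":
            return "compromised", checked + 1
        if result == "locked":
            return "locked", checked
        checked += 1
    return "exhausted", checked
```

With the limit effectively disabled, the constructed code is found after 4,243 comparisons; with the assumed policy, only five guesses are ever compared before the account locks.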
