com.liferay:com.liferay.users.admin.web@6.0.37 vulnerabilities

latest version

11.0.23

latest non vulnerable version

11.0.23

first published

8 years ago

latest version published

14 days ago

licenses detected

LGPL-2.1
[1.0.0,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the com.liferay:com.liferay.users.admin.web package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Insufficiently Protected Credentials Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to `user_display_data.jsp` exposing password hashes in the code of the Account Settings page, while in transit. An attacker in a MitM position can intercept the hashed password when loading the page. How to fix Insufficiently Protected Credentials? Upgrade `com.liferay:com.liferay.users.admin.web` to version 6.0.111 or higher.	[,6.0.111)

Insufficiently Protected Credentials

Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to user_display_data.jsp exposing password hashes in the code of the Account Settings page, while in transit. An attacker in a MitM position can intercept the hashed password when loading the page.

How to fix Insufficiently Protected Credentials?

Upgrade com.liferay:com.liferay.users.admin.web to version 6.0.111 or higher.

[,6.0.111)

Go back to all versions of this package