Description
In Liferay Portal 7.1.3, 7.2.0 and possibly earlier unsupported versions, the Sign In widget may expose the user's email address and/or password in the page's HTML source. This may allow a third party to intercept the email address and/or password if the site does not use HTTPS.
Severity
Severity 2
Fixed Version(s)
- Liferay Portal 7.2.1
- March 2020 source patch for Liferay Portal 7.1.3. Details for working with source patches can be found on the Patching Liferay Portal page.
Publication date: Mon, 25 Nov 2019 08:45:00 +0000