CVE-2021-29043 S3 store's proxy password visible in System Settings

Description

The Portal Store module in Liferay Portal 7.0.0 through 7.3.5 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middle attacks or shoulder surfing.

Severity

Severity 2

Fixed Version(s)

There is no fix available for Liferay Portal 7.0 and 7.1. Please upgrade to Liferay Portal 7.3.

Publication date: Mon, 10 May 2021 16:00:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) have only been listed here since 2023. Historical advisories are available in the Help Center.