Cryptographic issues in Magento Open Source - CVE-2019-7858

 

Published: August 3, 2019 / Updated: July 17, 2020


Vulnerability identifier: #VU30884
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-7858
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Adobe
Affected software:
Magento Open Source

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to gain access to sensitive information.

A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 causes sensitive information to be stored using an algorithm that is insufficiently resistant to brute-force attacks.


How to mitigate CVE-2019-7858

Install the update from the vendor's website.
