{"uuid": "6023a0aa-8abc-4d47-b921-09e369508fde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-26270", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3316", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-26270\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user\u2019s hashed password in the page\u2019s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password.\n\ud83d\udccf Published: 2024-02-20T15:31:05Z\n\ud83d\udccf Modified: 2025-01-28T23:15:23Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-26270\n2. https://github.com/liferay/liferay-portal\n3. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26270", "creation_timestamp": "2025-01-29T00:09:49.000000Z"}