CVE-2021-29038: Uncovering the Liferay Portal Security Vulnerability and How to Protect Yourself

We're all concerned about the security of our online accounts and the websites we use. We trust companies to manage our valuable data and keep it safe from unwanted eyes. Liferay Portal is a popular web platform used by many businesses and individuals to manage and organize their content and operations. In this post, we'll dive into the details of the CVE-2021-29038 security vulnerability found in Liferay Portal, how it can be exploited, and most importantly, how to protect yourself from becoming a victim.

Background

Liferay Portal is a robust, open-source platform for building dynamic websites, content management systems, and intranet portals, and it is widely used by businesses for its flexibility and ease of use. In 2021 a vulnerability, CVE-2021-29038, was disclosed in the way the portal displays a user's password reminder answer.

Affected Versions

The vulnerability affects Liferay Portal 7.2.0 through 7.3.5 and older unsupported versions. For Liferay DXP, the affected versions are 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions.

The Vulnerability

CVE-2021-29038 is an information disclosure issue in the way Liferay Portal renders a user's password reminder answer. The stored answer is written into the page as the value of an ordinary text form field rather than being masked or withheld, so it is visible on screen and in the page source to anyone who can see the browser or read the HTTP response. Because the reminder answer is what a user supplies to recover a forgotten password, learning it brings an attacker one step closer to taking over the account, which is why the advisory names man-in-the-middle and shoulder surfing attacks as the ways to obtain it.

Exploit Details

A man-in-the-middle attack places the attacker on the network path between the user's browser and the server, where they can read, modify or inject traffic. For CVE-2021-29038 this only matters when that traffic is readable: if the portal is reached over plain HTTP, or through a proxy or TLS-terminating device the attacker controls, the page that carries the reminder answer, and the form submission that sets it, can simply be read off the wire. A correctly deployed HTTPS connection closes this path, so confirming that the portal is served only over TLS is worth doing alongside the patch.

Shoulder surfing is the physical counterpart: the attacker watches the target's screen. Because the answer is rendered as an ordinary, unmasked text field, anyone who can see the screen while the user has the relevant account page open can read it. The user does not have to type anything; the stored answer is already filled in.

Here is a JSP fragment that illustrates the issue:

<liferay-ui:input-field
	model-hint="users.password-reminder-question-answer"
	name="reminderQueryAnswer"
	value="<%=HtmlUtil.escape(user.getReminderQueryAnswer())%>"
/>

The stored answer, user.getReminderQueryAnswer(), is passed straight into the value attribute of a regular input field. HtmlUtil.escape only escapes characters that would otherwise be interpreted as markup; that protects against HTML injection but does nothing to hide the value. It is displayed on screen, sits in the page source and DOM, and, over an unencrypted connection, travels in clear text. That is the whole of the vulnerability: a secret used in the password recovery flow is treated like an ordinary profile field.
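The check below is an added example written for this post; it is not Liferay code and not part of the original advisory. It takes a captured HTTP response (two constructed samples are embedded, a vulnerable rendering and a hardened one), splits off the HTML body, and reports every input whose name ends in reminderQueryAnswer that is rendered as a plain text field with a pre-filled value. Liferay prefixes form field names with a portlet namespace, so the match is on the suffix; the _examplens_ prefix in the samples is invented. The sample answer is HTML-escaped the way HtmlUtil.escape would leave it, to show that escaping does not hide it.

```python
"""Flag password reminder answers rendered in clear text on a Liferay page.

Added example for this post; not Liferay code and not the original author's.
The portlet namespace (_examplens_) and the sample answers are constructed.
"""
from html.parser import HTMLParser

FIELD_SUFFIX = "reminderqueryanswer"  # Liferay field name, matched case-insensitively


class ReminderInputFinder(HTMLParser):
    """Collect <input> elements that carry the reminder answer."""

    def __init__(self):
        super().__init__()
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        # HTMLParser decodes character references in attribute values, so a
        # value of "Fluffy&#39;s" comes back as "Fluffy's": HTML escaping
        # stops injection, it does not hide the answer.
        a = {k.lower(): (v or "") for k, v in attrs}
        if not a.get("name", "").lower().endswith(FIELD_SUFFIX):
            return
        self.inputs.append({
            "name": a["name"],
            "type": a.get("type", "text").lower(),  # browsers default to text
            "value": a.get("value", ""),
        })


def split_http_response(raw: bytes) -> tuple[str, str]:
    """Split a raw HTTP/1.1 response into (status line + headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return head.decode("iso-8859-1"), body.decode("utf-8")


def find_exposed_reminder_answers(html: str) -> list[dict]:
    """Return reminder-answer inputs shown unmasked with a pre-filled value."""
    finder = ReminderInputFinder()
    finder.feed(html)
    finder.close()
    return [i for i in finder.inputs
            if i["type"] != "password" and i["value"] != ""]


def assess_response(raw: bytes) -> list[dict]:
    """What an on-path observer, or anyone with the page source, learns from
    one captured response."""
    _, body = split_http_response(raw)
    return find_exposed_reminder_answers(body)


# Constructed sample 1: the behaviour described by CVE-2021-29038. The answer
# is HTML-escaped (as HtmlUtil.escape would do) but rendered as a text input.
VULNERABLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n"
    b"<html><body><form method=\"post\">"
    b"<input name=\"_examplens_reminderQueryQuestion\" type=\"text\" value=\"first pet\">"
    b"<input name=\"_examplens_reminderQueryAnswer\" type=\"text\" value=\"Fluffy&#39;s\">"
    b"</form></body></html>"
)

# Constructed sample 2: a hardened rendering. The field is masked and the
# server does not echo the stored answer back into the page at all.
HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n"
    b"<html><body><form method=\"post\">"
    b"<input name=\"_examplens_reminderQueryQuestion\" type=\"text\" value=\"first pet\">"
    b"<input name=\"_examplens_reminderQueryAnswer\" type=\"password\" value=\"\" autocomplete=\"off\">"
    b"</form></body></html>"
)


if __name__ == "__main__":
    for label, raw in (("vulnerable", VULNERABLE_RESPONSE),
                       ("hardened", HARDENED_RESPONSE)):
        hits = assess_response(raw)
        print(f"{label}: {len(hits)} exposed reminder answer(s)")
        for h in hits:
            print(f"  {h['name']} rendered as type={h['type']!r} "
                  f"with value={h['value']!r}")
```

Run it as-is to see the two samples compared; against a real installation, replace the constructed response with the bytes of a logged-in fetch of the user's password settings page and check whether anything is reported. A non-empty result on a patched version, or any page that still prefills the answer, is worth a closer look.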

Original References

1. Liferay Security Bulletin: https://portal.liferay.dev/labs/research/cve-2021-29038
2. Liferay Portal Official Website: https://www.liferay.com/
3. Liferay DXP Version Details: https://help.liferay.com/hc/en-us/articles/360018175151-Liferay-DXP-Compatibility-Matrix

How to Protect Yourself

To safeguard your Liferay Portal installation against this security vulnerability, it is crucial to keep your Liferay Portal and Liferay DXP installations up-to-date. Make sure to install the latest fix packs or service packs as they are released.

For Liferay DXP, apply fix pack 1 on 7.3 or fix pack 17 on 7.2. For Liferay Portal, upgrade to 7.3.6 or newer, or apply whatever security patch Liferay has published for your release if one exists; the older lines listed as unsupported receive no fix, so for them upgrading is the only option.

Patching closes the disclosure, but it does not help a user whose answer was already observed. Treat reminder answers as secrets on a par with passwords: ask users to choose answers that cannot be looked up or guessed from public information, not to reuse them across sites, and to change them if they may have been seen on a shared or public screen while an unpatched version was in use. If your organisation does not rely on the reminder question for password recovery, the cleanest mitigation is to switch the feature off; in Liferay this is governed by the users.reminder.queries.enabled portal property, which can be set to false in portal-ext.properties (confirm the key against the portal.properties shipped with your version). Finally, make sure the portal is reachable only over HTTPS, so that the man-in-the-middle path described above is closed regardless of how any individual page renders its fields.

Conclusion

Security is a continuous journey and a shared responsibility. The CVE-2021-29038 vulnerability in Liferay Portal highlights the need for keeping your web platforms and applications up-to-date and ensuring your users understand the risks associated with failing to protect their information. Stay vigilant, stay informed, and stay safe.

Timeline

Published on: 02/20/2024 22:15:08 UTC
Last modified on: 11/15/2024 18:35:29 UTC