Liferay · Liferay Portal · CVE-2021-29038
**Name of the Vulnerable Software and Affected Versions**
Liferay Portal versions 7.2.0 through 7.3.5
Liferay DXP 7.3 before fix pack 1
Liferay DXP 7.2 before fix pack 17
**Description**
The issue allows attackers to steal users' password reminder answers through man-in-the-middle or shoulder surfing attacks, because the answers are not obfuscated on the page.
**Recommendations**
For Liferay Portal versions 7.2.0 through 7.3.5, update to a version that includes the fix for this issue.
For Liferay DXP 7.3, apply fix pack 1 or later.
For Liferay DXP 7.2, apply fix pack 17 or later.
As a temporary workaround, consider implementing additional security measures to protect against man-in-the-middle and shoulder surfing attacks, such as using HTTPS and educating users about the risks of using public computers or public networks to access sensitive information.