CVE-2021-25958

Name of the Vulnerable Software and Affected Versions Apache Ofbiz versions v17.12.01 through v17.12.07

Description The issue in Apache Ofbiz involves the implementation of a try-catch exception to handle errors at multiple locations, which results in leaking sensitive table information. This could aid an attacker in further reconnaissance. A user can register with a very long password, but attempting to log in with it causes an exception to occur.

Recommendations For Apache Ofbiz versions v17.12.01 through v17.12.07, consider restricting the length of passwords to prevent exceptions that could leak sensitive information. As a temporary workaround, consider disabling the registration feature with very long passwords until a patch is available. Restrict access to sensitive table information to minimize the risk of exploitation.