CVE-2021-29041

Name of the Vulnerable Software and Affected Versions: Liferay DXP version 7.3 before fix pack 1

Description: A denial-of-service issue exists in the Multi-Factor Authentication module, allowing remote authenticated attackers to prevent user authentication. This can be achieved by either enabling Time-based One-time password (TOTP) on behalf of another user or modifying the TOTP shared secret of another user.

Recommendations: For Liferay DXP version 7.3 before fix pack 1, apply fix pack 1 to resolve the issue. As a temporary workaround, consider restricting access to the Multi-Factor Authentication module to minimize the risk of exploitation.