6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-26270

GHSA ID

GHSA-xq4r-4xfh-vch8

EPSS Score

0.39717%

CWE

CWE-201

Published

2/20/2024

Updated

1/28/2025

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-26270

CVE-2024-26270: Liferay Portal and Liferay DXP vulnerable to theft of hashed password

The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password.

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-26270

GHSA ID

GHSA-xq4r-4xfh-vch8

EPSS Score

0.39717%

CWE

CWE-201

Published

2/20/2024

Updated

1/28/2025

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.liferay.portal:release.portal.bom	maven	>= 7.4.3.76, < 7.4.3.100	7.4.3.100
com.liferay.portal:release.dxp.bom	maven	>= 2023.Q3, < 2023.Q3.5	2023.Q3.5
com.liferay.portal:release.dxp.bom	maven	>= 7.4.0, <= 7.4.13.u92

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the Account Settings page embedding hashed passwords in HTML output. In Liferay's architecture:

Portlet render methods (like AccountSettingsPortlet.render) typically prepare data for display
JSP files (like view.jsp) handle HTML generation
The CWE-201 classification indicates sensitive data insertion during response generation
The MITM attack vector implies client-side exposure of the hash While exact code isn't available, Liferay's modular structure and vulnerability pattern strongly suggest these components are responsible for improperly exposing the password hash during page rendering.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** ***ount S*ttin*s p*** in Li**r*y Port*l *.*.*.** t*rou** *.*.*.**, *n* Li**r*y *XP ****.Q* ***or* p*t** *, *n* *.* up**t* ** t*rou** ** *m***s t** us*r’s **s*** p*sswor* in t** p***’s *TML sour**, w*i** *llows m*n-in-t**-mi**l* *tt**k*rs to st**l

Reasoning

T** vuln*r**ility st*ms *rom t** ***ount S*ttin*s p*** *m****in* **s*** p*sswor*s in *TML output. In Li**r*y's *r**it**tur*: *. Portl*t r*n**r m*t*o*s (lik* ***ountS*ttin*sPortl*t.r*n**r) typi**lly pr*p*r* **t* *or *ispl*y *. JSP *il*s (lik* vi*w.jsp

6.5

Basic Information

Concerned about an active attack path?

CVE-2024-26270: Liferay Portal and Liferay DXP vulnerable to theft of hashed password

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI