CVE-2019-8118: Cleartext Storage of Sensitive Information

May 24, 2022 (updated July 18, 2023)

Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.

References

github.com/advisories/GHSA-hmch-9947-82rj
nvd.nist.gov/vuln/detail/CVE-2019-8118
web.archive.org/web/20220121051105/https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update

Detect and mitigate CVE-2019-8118 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →