In Liferay Portal 7.3.0 and previous versions, and Liferay DXP 7.2 and previous versions the default configuration does not require users to verify their email address, which allows remote malicious users to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
liferay digital experience platform 7.2 |
||
liferay digital experience platform 7.1 |
||
liferay digital experience platform 7.0 |
||
liferay liferay portal |