CVE-2019-8118

Description

Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.

Affected products

• Adobe Systems Incorporated / Magento 2Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2 – Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2

References

• MISChttps://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update