An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.
{ "cpes": [ "cpe:2.3:a:joomla:joomla!:*:*:*:*:*:*:*:*" ], "severity": "Medium" }