An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10240
Reference (s):
- https://developer.joomla.org/security-centre/805-20200304-core-identifier-collisions-in-com-users