CVE-2023-4472

CVSS V2 None CVSS V3 None

Description

Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application.

Overview

CVE ID
CVE-2023-4472

Assigner
Mandiant

Vulnerability Status
PUBLISHED

Published Version
2024-02-01T22:11:21.361Z

Last Modified Date
2024-06-04T17:27:19.039Z

Weakness Enumerations

CWE	URL
CWE-335	http://cwe.mitre.org/data/definitions/335.html

References

Reference URL	Reference Tags
https://www.objectplanet.com/opinio/changelog.html
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2024/MNDT-2024-0002.md

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-4472
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4472

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 20:11:13				Added to TrackCVE