How severe is CVE-2022-44796?

CVE-2022-44796 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2022-44796

Name: ootbi
Author: objectfirst

9.8CRITICAL

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT toke

Veröffentlicht: 11/7/2022Aktualisiert: 6/24/2025

Beschreibung

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically strong sequences. An attacker can predict these sequences and generate a JWT token. As a result, an attacker can get access to the Web UI. This is fixed in Object First Ootbi BETA build 1.0.13.1611.

KI-AnalyseKI-gestützt

Betroffene Produkte

objectfirstootbi

Referenzen

https://objectfirst.com/security/of-20221024-0002/
Vendor Advisory
https://objectfirst.com/security/of-20221024-0002/
Vendor Advisory