Cryptographically Insecure Random Generation Algorithm in dotCMS Core Leads to Account Takeover

Cryptographically Insecure Random Generation Algorithm in dotCMS Core Leads to Account Takeover

CVE-2022-45782 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover.

Learn more about our Cms Pen Testing.