Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability - CVE-2022-45782 - Vulnerability Database

Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability - CVE-2022-45782

High
Reference: CVE-2022-45782
Title: Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability
Overview:

An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover.