Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability - CVE-2022-45782 - Vulnerability Database
Dot CMS

Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability - CVE-2022-45782

High
Reference: CVE-2022-45782
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-45782
Title: Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability
Overview:

An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover.