CVE-2022-44796

Published: Nov 7, 2022

Modified: May 1, 2025

PUBLISHED

Description

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically strong sequences. An attacker can predict these sequences and generate a JWT token. As a result, an attacker can get access to the Web UI. This is fixed in Object First Ootbi BETA build 1.0.13.1611.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://objectfirst.com/security/of-20221024-0002/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-44796

Description

Affected Products

References