CVE-2014-1457
Open Web Analytics (OWA) before 1.5.6 is affected by CVE-2014-1457: it generates nonces for CSRF protection in a way that can be bypassed by knowledge of an OWA user name. Affects the OWA component responsible for CSRF defense; root cause is nonce generation not sufficiently random. Impact is par...