3 matches found
CVE-2022-44796
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...
CVE-2022-44796
CVE-2022-44796 concerns Object First Ootbi BETA. Affected versions: 1.0.7.712 (and up to 1.0.13.1610 per PT-2022-27316) with an authorization flow that allows access to the Web UI without credentials. The root cause is a JWT signing key generated by a function that does not produce cryptographica...
CVE-2022-44796
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...