
Account takeover and privilege escalation are possible in versions <=1.4.3

Critical
SudharakaP published GHSA-fqr4-97jj-j85v Sep 21, 2020

Package

No package listed

Affected versions

<=1.4.3

Patched versions

1.4.4

Description

Impact

Account takeover and privilege escalation are possible in versions before 1.4.4. This is due to a vulnerability in the generated Java classes: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG).
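
The weakness class named above (CWE-338), shown as an added example that is not code from the affected project or its generated classes: a hypothetical secret-key generator driven by `java.util.Random` beside the same generator backed by `java.security.SecureRandom`. The class name, alphabet, key length and seed value are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Random;

// Added illustration of CWE-338. All names here are hypothetical and are
// not taken from the affected project's generated code.
public class WeakKeyDemo {
    private static final char[] ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".toCharArray();
    private static final int KEY_LENGTH = 20;

    // Draws KEY_LENGTH characters from whichever generator is supplied.
    // SecureRandom extends Random, so both variants share this code path.
    static String generateKey(Random rng) {
        StringBuilder sb = new StringBuilder(KEY_LENGTH);
        for (int i = 0; i < KEY_LENGTH; i++) {
            sb.append(ALPHABET[rng.nextInt(ALPHABET.length)]);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Weak: java.util.Random is a linear congruential generator with
        // 48 bits of internal state. Every key it emits is a pure function
        // of that state, so a 20-character key (about 119 bits of apparent
        // keyspace) never carries more than 48 bits of real entropy.
        long constructedSeed = 123456789L; // constructed sample value
        String first = generateKey(new Random(constructedSeed));
        String second = generateKey(new Random(constructedSeed));
        System.out.println("java.util.Random, same state, keys equal: "
            + first.equals(second));

        // Hardened: SecureRandom is seeded from the platform CSPRNG and its
        // output does not let an observer derive earlier or later values.
        String strongA = generateKey(new SecureRandom());
        String strongB = generateKey(new SecureRandom());
        System.out.println("SecureRandom, independent instances, keys equal: "
            + strongA.equals(strongB));
    }
}
```

When auditing generated code for this weakness, look for security-sensitive values (reset keys, activation keys, session or remember-me tokens) produced by `java.util.Random`, `Math.random()` or helpers that wrap them, and switch those call sites to a `SecureRandom` instance.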

Patches

This problem has been patched in 1.4.4.

References

#446

For more information

If you have any questions or comments about this advisory:

Severity

Critical

CVE ID

CVE-2019-16303

Weaknesses

No CWEs

Credits