Owa · Open Web Analytics · CVE-2014-1457
**Name of the Vulnerable Software and Affected Versions**
Open Web Analytics (OWA) versions prior to 1.5.6
**Description**
The issue concerns the improper generation of random nonce values, which can be exploited by remote attackers to bypass a CSRF protection mechanism. This can be achieved by leveraging knowledge of an OWA user name.
**Recommendations**
For versions prior to 1.5.6, update to version 1.5.6 or later to resolve the issue.