PT-2022-27316 · Unknown · Object First Ootbi Beta
Published 2022-11-07 · Updated 2025-06-24 · CVE-2022-44796
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Object First Ootbi BETA versions 1.0.7.712 through 1.0.13.1610
Description
An issue was discovered in the authorization service that allows access to the Web UI without knowing credentials. The secret key used to sign the JWT token is generated by a function that does not produce cryptographically strong sequences, so an attacker can predict the key, generate a valid JWT token, and gain access to the Web UI.
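The weakness class described above, shown as an added example that is not code from Object First or from this advisory. The advisory does not name the function or language involved, so Python's seeded `random` module stands in for the weak generator as an assumption, and every function name and the seed value here are hypothetical.

```python
import base64, hashlib, hmac, json, random, secrets

def weak_key(seed: int) -> bytes:
    """Anti-pattern (assumed stand-in): key bytes from a seeded, non-cryptographic PRNG."""
    rng = random.Random(seed)  # Mersenne Twister: output is a pure function of the seed
    return bytes(rng.getrandbits(8) for _ in range(32))

def strong_key() -> bytes:
    """Corrected form: 256 bits drawn from the operating system CSPRNG."""
    return secrets.token_bytes(32)

def _b64(data: bytes) -> str:
    # JWT uses unpadded URL-safe base64
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign_hs256(claims: dict, key: bytes) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(mac)}"

def verify_hs256(token: str, key: bytes) -> bool:
    parts = token.split(".")
    if len(parts) != 3:
        return False
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    # Constant-time comparison on bytes, so hostile non-ASCII input cannot raise
    return hmac.compare_digest(_b64(expected).encode(), parts[2].encode())

CONSTRUCTED_SEED = 1667779200  # constructed sample value, not taken from the product

def demo() -> dict:
    claims = {"sub": "operator", "exp": 1700000000}  # constructed sample claims
    service_token = sign_hs256(claims, weak_key(CONSTRUCTED_SEED))
    rederived = weak_key(CONSTRUCTED_SEED)  # same seed, same "secret": it was never secret
    return {
        "weak_key_reproducible": verify_hs256(service_token, rederived),
        "strong_key_rejects_it": not verify_hs256(service_token, strong_key()),
        "strong_keys_differ": strong_key() != strong_key(),
    }

if __name__ == "__main__":
    print(demo())
```

The signing and verification code is identical in both cases; only the source of the key bytes decides whether the HMAC protects anything.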
Recommendations
For versions 1.0.7.712 through 1.0.13.1610, update to version 1.0.13.1611 to resolve the issue. As a temporary workaround, consider restricting access to the Web UI until the update is applied.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Object First Ootbi Beta