Name of the Vulnerable Software and Affected Versions:

Objectplanet Opinio versions 7.22 and prior

Description:

The issue is related to the use of a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application.

Recommendations:

For Objectplanet Opinio versions 7.22 and prior, update to a version that uses a cryptographically secure pseudo-random number generator to prevent unauthenticated account takeover.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.