Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application.
The application generates tokens (e.g., for password reset or session) using a PRNG that does not meet cryptographic requirements and is initialized with a predictable seed. An attacker, knowing or guessing the seed value, is able to reproduce the sequence of generated tokens. By possessing a predictable token, they can perform account takeover without having any login credentials.
An unauthenticated attacker can take control of any user account in the application, gaining full access to their data and functions. As a result, it is possible to compromise the confidentiality, integrity, and availability of data processed by the survey system.
Objectplanet Opinio should be updated to a version newer than 7.22, in which the vendor has removed the vulnerability. Patch details are available in the vendor's changelog at: https://www.objectplanet.com/opinio/changelog.html
Objectplanet Opinio version 7.22 and all earlier versions
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HObjectplanet Opinio
APPObjectplanet< 7.23
Related vulnerabilities
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from para...
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resu...
Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web app...
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY conten...
ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmi...