{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-4472","assignerOrgId":"027e81ed-0dd4-4685-ab4d-884aec5bb484","state":"PUBLISHED","assignerShortName":"Mandiant","dateReserved":"2023-08-21T19:42:17.822Z","datePublished":"2024-02-01T22:11:21.361Z","dateUpdated":"2025-06-11T16:45:41.501Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","platforms":["All","Cloud","Browser"],"product":"Opinio","vendor":"Objectplanet","versions":[{"status":"affected","version":"7.22"},{"status":"unaffected","version":"7.23"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Amine Ismail, Mandiant"},{"lang":"en","type":"reporter","user":"00000000-0000-4000-9000-000000000000","value":"Amine Ismail, Mandiant"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application."}],"value":"Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application."}],"impacts":[{"capecId":"CAPEC-59","descriptions":[{"lang":"en","value":"CAPEC-59 Session Credential Falsification through Prediction"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-335","description":"CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator 
(PRNG)","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"027e81ed-0dd4-4685-ab4d-884aec5bb484","shortName":"Mandiant","dateUpdated":"2024-02-01T22:11:21.361Z"},"references":[{"url":"https://www.objectplanet.com/opinio/changelog.html"},{"url":"https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2024/MNDT-2024-0002.md"}],"source":{"discovery":"EXTERNAL"},"timeline":[{"lang":"en","time":"2023-08-21T17:00:00.000Z","value":"Issue reported to Objectplanet and CVE number assigned."},{"lang":"en","time":"2023-08-22T17:00:00.000Z","value":"Objectplanet confirmed the issue and announced that a patch would be released in the next version."},{"lang":"en","time":"2023-08-31T17:00:00.000Z","value":"Objectplanet released version 7.23. Mandiant delayed vulnerability disclosure to allow Opinio customers time to patch."}],"title":"Cryptographically weak PRNG in Opinio 7.22","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.8,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-02-21T19:37:11.901532Z","id":"CVE-2023-4472","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-11T16:45:41.501Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T07:31:05.503Z"},"title":"CVE Program 
Container","references":[{"url":"https://www.objectplanet.com/opinio/changelog.html","tags":["x_transferred"]},{"url":"https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2024/MNDT-2024-0002.md","tags":["x_transferred"]}]}]}}