Impact

Account takeover and privilege escalation is possible in applications versions before 1.4.4. This is due to a vulnerability in the generated java classes: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Patches

This problem has been patched in 1.4.4

References

#446

For more information

If you have any questions or comments about this advisory:

• Open an issue in OpenLearnr
• Email us at [email protected]