Use of cryptographically weak random number generator for password generation in umbraco/umbraco-cms
Mar 29th 2022
Umbraco has a GeneratePassword function that is used to generate passwords that should be unpredictable. This function uses the .NET Random class, which isn't cryptographically secure.
This vulnerability could allow attackers to predict generated passwords and use them to log in to newly created accounts.
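The difference between the two generators, as an added example that is not Umbraco's code: the class name, method names, alphabet and seed value are all constructed for illustration, and `RandomNumberGenerator.GetInt32` assumes .NET Core 3.0 or later.

```csharp
using System;
using System.Security.Cryptography;

public static class PasswordGeneratorExample
{
    // Constructed alphabet for this example; not Umbraco's character set.
    private const string Alphabet =
        "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!@#$%*";

    // Weak pattern: System.Random is a deterministic PRNG, so the whole
    // password is a function of the seed. The seed is a parameter here
    // only to make that dependency visible.
    public static string Weak(int length, int seed)
    {
        var rng = new Random(seed);
        var chars = new char[length];
        for (int i = 0; i < length; i++)
            chars[i] = Alphabet[rng.Next(Alphabet.Length)];
        return new string(chars);
    }

    // Hardened pattern: every index comes from the OS CSPRNG.
    // GetInt32 returns an unbiased value in [0, Alphabet.Length), which
    // avoids the skew a hand-rolled "random byte % n" would introduce.
    public static string Strong(int length)
    {
        if (length <= 0)
            throw new ArgumentOutOfRangeException(nameof(length));
        var chars = new char[length];
        for (int i = 0; i < length; i++)
            chars[i] = Alphabet[RandomNumberGenerator.GetInt32(Alphabet.Length)];
        return new string(chars);
    }

    public static void Main()
    {
        // Two calls with the same seed yield the same "password".
        bool repeatable = Weak(12, 1234) == Weak(12, 1234);
        Console.WriteLine($"Weak output repeats for equal seeds: {repeatable}");

        // The CSPRNG-backed version has no seed to recover or guess.
        Console.WriteLine($"Strong sample: {Strong(12)}");
    }
}
```

When reviewing a code base for this class of bug, search for `new Random(` in any path that produces passwords, reset tokens or other secrets and replace it with `System.Security.Cryptography.RandomNumberGenerator`.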