My university uses Onity locks for universal access with ID cards. This means our campus (and residences) are vulnerable, too, right? Are you aware of many universities that use similar systems?
So, those locks are the CT (commercial, Integra) locks. I strongly suspect that they're vulnerable to roughly the same thing, but I haven't tested them to see for sure. There are two reasons I believe this to be the case: the only difference between the PP20 (portable programmer used in the Onity HT system for hotels) and the CT PP is a swapped out EPROM. Given the similarity of the systems from a high-level perspective and the PP differences, I'd be very surprised if they weren't similarly vulnerable.
At some point I'd love to test the CT side, but 1) the hardware is tough to get hold of, and 2) it's not a very popular system, so it's not that interesting. I think it'd be pretty straightforward, though.