Description

Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Remediation

References

http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html

http://syncope.apache.org/security.html

http://www.securityfocus.com/archive/1/532669/100/0/threaded

http://www.securityfocus.com/bid/68431

Related Vulnerabilities

CVE-2011-1475 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2014-0097 Vulnerability in maven package org.springframework.security:spring-security-core

CVE-2013-4316 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2023-33943 Vulnerability in maven package com.liferay:com.liferay.account.admin.web

CVE-2023-43497 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory