Description
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
Remediation
References
http://www.securityfocus.com/bid/68431
http://syncope.apache.org/security.html
http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html
http://www.securityfocus.com/archive/1/532669/100/0/threaded
Related Vulnerabilities
CVE-2020-26272 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-34602 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core
CVE-2022-25186 Vulnerability in maven package com.datapipe.jenkins.plugins:hashicorp-vault-plugin
CVE-2023-37945 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp
CVE-2023-1664 Vulnerability in maven package org.keycloak:keycloak-core