Description

Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Remediation

References

http://www.securityfocus.com/bid/68431

http://syncope.apache.org/security.html

http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html

http://www.securityfocus.com/archive/1/532669/100/0/threaded

Related Vulnerabilities

CVE-2022-36887 Vulnerability in maven package org.jenkins-ci.plugins:jobconfighistory

CVE-2022-45855 Vulnerability in maven package org.apache.ambari:ambari

CVE-2017-1000006 Vulnerability in maven package org.webjars.npm:plotly.js

CVE-2023-24425 Vulnerability in maven package com.cloudbees.jenkins.plugins:kubernetes-credentials-provider

CVE-2019-10403 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory