Description

Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Remediation

References

http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html

http://syncope.apache.org/security.html

http://www.securityfocus.com/archive/1/532669/100/0/threaded

http://www.securityfocus.com/bid/68431

Related Vulnerabilities

CVE-2010-3449 Vulnerability in maven package org.codehaus.redback:redback-system

CVE-2023-25158 Vulnerability in maven package org.geotools.jdbc:gt-jdbc-postgis

CVE-2021-26920 Vulnerability in maven package org.apache.druid:druid-core

CVE-2022-42467 Vulnerability in maven package org.apache.isis.core:isis-core-config

CVE-2015-8795 Vulnerability in maven package org.apache.solr:solr

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory