CVE-2014-3503
EPSS 1.9%
Apache Syncope uses a weak PRNG
Published: 5/14/2022
Modified: 12/8/2024
Also known as: GHSA-4c72-mrhf-23cg
Description
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
Affected packages (1)
- Maven/org.apache.syncope:syncope >= 1.1.0, < 1.1.8
References (7)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-3503
- WEB http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html
- WEB https://github.com/apache/syncope/commit/8e0045925a387ee211832c7e0709dd418cda1ad3
- WEB https://syncope.apache.org/security.html#cve-2014-3503-insecure-random-implementations-used-to-generate-p
- WEB http://svn.apache.org/viewvc?view=revision&revision=r1596537
- WEB https://web.archive.org/web/20140728093808/http://www.securityfocus.com/bid/68431
- WEB https://web.archive.org/web/20201207014021/http://www.securityfocus.com/archive/1/532669/100/0/threaded