Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html - | |
References | () http://syncope.apache.org/security.html - Vendor Advisory | |
References | () http://www.securityfocus.com/archive/1/532669/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/68431 - |
Information
Published : 2014-07-11 14:55
Updated : 2024-11-21 02:08
NVD link : CVE-2014-3503
Mitre link : CVE-2014-3503
CVE.ORG link : CVE-2014-3503
JSON object : View
Products Affected
apache
- syncope
CWE
CWE-310
Cryptographic Issues