CVE-2014-3503: Apache Syncope uses a weak PNRG
(updated )
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
References
- packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html
- svn.apache.org/viewvc?view=revision&revision=r1596537
- github.com/advisories/GHSA-4c72-mrhf-23cg
- github.com/apache/syncope/commit/8e0045925a387ee211832c7e0709dd418cda1ad3
- nvd.nist.gov/vuln/detail/CVE-2014-3503
- syncope.apache.org/security.html
- web.archive.org/web/20140728093808/http://www.securityfocus.com/bid/68431
- web.archive.org/web/20201207014021/http://www.securityfocus.com/archive/1/532669/100/0/threaded
Code Behaviors & Features
Detect and mitigate CVE-2014-3503 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →