5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.0%
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html
svn.apache.org/viewvc?view=revision&revision=r1596537
github.com/apache/syncope/commit/8e0045925a387ee211832c7e0709dd418cda1ad3
nvd.nist.gov/vuln/detail/CVE-2014-3503
syncope.apache.org/security.html#cve-2014-3503-insecure-random-implementations-used-to-generate-p
web.archive.org/web/20140728093808/www.securityfocus.com/bid/68431
web.archive.org/web/20201207014021/www.securityfocus.com/archive/1/532669/100/0/threaded