Lucene search

PRIOn knowledge basePRION:CVE-2014-3503

HistoryJul 11, 2014 - 2:55 p.m.

Default credentials

2014-07-1114:55:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

80.8%

JSON

Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

CPENameOperatorVersion
syncopeeq1.1.6
syncopeeq1.1.3
syncopeeq1.1.1
syncopeeq1.1.5
syncopeeq1.1.0
syncopeeq1.1.2
syncopeeq1.1.4
syncopeeq1.1.7

Name	Operator	Version
syncope	eq	1.1.6
syncope	eq	1.1.3
syncope	eq	1.1.1
syncope	eq	1.1.5
syncope	eq	1.1.0
syncope	eq	1.1.2
syncope	eq	1.1.4
syncope	eq	1.1.7

References

packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html

syncope.apache.org/security.html

www.securityfocus.com/archive/1/532669/100/0/threaded

www.securityfocus.com/bid/68431

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

80.8%

JSON

Related for PRION:CVE-2014-3503