Design/Logic Flaw

2019-09-2323:15:00

PRIOn knowledge base

www.prio-n.com

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.4%

JSON

The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG’s algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml.

CPENameOperatorVersion
pac4jge3.0.0
pac4jle3.8.2

CPE	Name	Operator	Version
	pac4j	ge	3.0.0
	pac4j	le	3.8.2

References

snyk.io/vuln/SNYK-JAVA-ORGPAC4J-467407