2 matches found
CVE-2014-3503
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack...
CVE-2014-3503
Apache Syncope 1.1.x before 1.1.8 is affected. The issue stems from using insecure Random implementations to generate user passwords, enabling remote attackers to guess passwords by brute force. The fixed version is 1.1.8 (Ad libitum); upgrading is advised. If upgrading is not possible, apply off...