12 matches found
EUVD-2019-0762
Malware in sbrugna...
CVE-2019-10755
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...
com.agifac.lib:app-framework (>=12.1.0 <=16.0.4), com.agifac.lib:maf-defaultplugins-extension (>=12.1.1 <=16.0.4) +281 more potentially affected by CVE-2019-10755 via org.pac4j:pac4j-saml (>=1.5.1 <=3.1.0)
org.pac4j:pac4j-saml MAVEN version =1.5.1, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.0, =1.0, =1.9.0, =2.0.1, =16.1.0, =16.1.0, =16.1.0, =16.1.0, =16.1.0, =0.8.0, =1.1.0 and more Source cves: CVE-2019-10755 Source advisory: OSV:GHSA-RC75-CF5C-MXVH...
GHSA-RC75-CF5C-MXVH Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...
Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...
Insecure Random Number Generation
pac4j-saml uses insecure random number generation. It generates the entity ID for the SAML2 Authentication Request with predictable randomness, as it relies on random numbers generated using the insecure PRNG algorithm of the Apache commons-lang3 RandomStringUtils class...
CVE-2019-10755
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...
CVE-2019-10755
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...
Design/Logic Flaw
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...
CVE-2019-10755
The CVE-2019-10755 entry concerns pac4j-saml and the 3.X release line. The issue is that the SAML identifier generated in SAML2Utils.java uses Apache Commons Lang3 RandomStringUtils, whose PRNG is not cryptographically strong, leading to predictable randomness for SAML identifiers. This weakness ...
CVE-2019-10755
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...
org.apereo.cas:cas-management-webapp-configuration (>=5.3.1 <=5.3.3), org.apereo.cas:cas-management-webapp-support (>=5.3.1 <=5.3.3) +232 more potentially affected by CVE-2019-10755 via org.pac4j:pac4j-saml (>=3.0.0-RC2 <=3.1.0)
org.pac4j:pac4j-saml MAVEN version =3.0.0-RC2, =5.3.1, =5.3.1, =5.3.1, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.3 and more Source cves: CVE-2019-10755 Source advisory: SNYK:JAVA-ORGPAC4J-467407...