pac4j-saml uses insecure random number generation. It generates the entity ID for the SAML2 Authentication Request with predictable randomness, because it relies on random numbers produced by the insecure PRNG algorithm of the RandomStringUtils class from Apache commons-lang3.
CPE name | Operator | Version |
---|---|---|
pac4j: java web security for saml | le | 3.8.1 |
pac4j: java web security for saml | le | 3.2.0 |
pac4j core | le | 3.8.1 |
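
The weakness described above, as an added example that is not pac4j's own code: it contrasts a request identifier drawn from a seedable, non-cryptographic PRNG with one drawn from SecureRandom. Assumptions: java.util.Random stands in for the generator behind RandomStringUtils, and the class name, method names and seed are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Random;

public class SamlIdDemo {
    private static final char[] ALPHA =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".toCharArray();
    private static final char[] HEX = "0123456789abcdef".toCharArray();
    private static final SecureRandom SECURE = new SecureRandom();

    // Weak pattern: alphabetic string drawn from a non-cryptographic PRNG.
    // java.util.Random is a 48-bit linear congruential generator, so its
    // whole output stream is determined by its internal state.
    static String weakId(Random rng, int length) {
        StringBuilder sb = new StringBuilder("_");
        for (int i = 0; i < length; i++) {
            sb.append(ALPHA[rng.nextInt(ALPHA.length)]);
        }
        return sb.toString();
    }

    // Hardened pattern: 20 bytes (160 bits) from the platform CSPRNG, hex encoded.
    // The leading underscore keeps the value a valid xs:ID, which may not
    // start with a digit.
    static String strongId() {
        byte[] raw = new byte[20];
        SECURE.nextBytes(raw);
        StringBuilder sb = new StringBuilder("_");
        for (byte b : raw) {
            sb.append(HEX[(b >> 4) & 0xF]).append(HEX[b & 0xF]);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed seed: two generators in the same state emit the same
        // identifier, which is what "predictable randomness" means here.
        long seed = 1234L;
        String issued = weakId(new Random(seed), 20);
        String replayed = weakId(new Random(seed), 20);
        System.out.println("weak id issued:   " + issued);
        System.out.println("weak id replayed: " + replayed);
        System.out.println("identical:        " + issued.equals(replayed));

        // SecureRandom has no caller-visible state to replay.
        System.out.println("strong id 1:      " + strongId());
        System.out.println("strong id 2:      " + strongId());
    }
}
```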