Vulnerability in Apache Syncope

CVE-2014-3503

Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.019 (83.8th percentile) — read the EPSS interpretation.

Affected products

Apache Syncope — versions 1.1.0, 1.1.1, 1.1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

20140707 [SECURITY] CVE-2014-3503 Apache Syncope (mailing-list, x_refsource_BUGTRAQ)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_MISC)
68431 (vdb-entry, x_refsource_BID)