Home
» GitHub Advisories
» GHSA-4c72-mrhf-23cg
Description
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
Basic information
Type
reviewed
Severity
medium
Advisory on GitHub
Open advisory ↗
Repository advisory
—
Source code
Not specified
Published (advisory)
2022-05-14 02:52:41 UTC
Updated
2023-08-15 22:11:51 UTC
GitHub reviewed
2023-08-15 22:11:49 UTC
NVD published
2014-07-11
EPSS Score
Score
Percentile
1.94%
82.87%
CVSS Scores
No CVSS scores in this advisory.
CWEs
CWE id
Name
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Affected packages (1)
Vulnerable version ranges and first patched releases as published by GitHub.
Ecosystem
Package
Vulnerable range
First patched
Vulnerable functions
maven
org.apache.syncope:syncope
>= 1.1.0, < 1.1.8
1.1.8
—
cvelogic
Threat Intelligence