CVE-2014-3503

EUVD-2022-2354
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
apachesyncope
1.1.0
apachesyncope
1.1.1
apachesyncope
1.1.2
apachesyncope
1.1.3
apachesyncope
1.1.4
apachesyncope
1.1.5
apachesyncope
1.1.6
apachesyncope
1.1.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html
http://syncope.apache.org/security.html
http://www.securityfocus.com/archive/1/532669/100/0/threaded
http://www.securityfocus.com/bid/68431
http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html
http://syncope.apache.org/security.html
http://www.securityfocus.com/archive/1/532669/100/0/threaded
http://www.securityfocus.com/bid/68431