Description
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
Remediation
References
http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html
http://syncope.apache.org/security.html
http://www.securityfocus.com/archive/1/532669/100/0/threaded
http://www.securityfocus.com/bid/68431
Related Vulnerabilities
CVE-2014-0034 Vulnerability in maven package org.apache.cxf.services.sts:cxf-services-sts-core
CVE-2023-28685 Vulnerability in maven package org.jenkins-ci.plugins:absint-a3
CVE-2023-44981 Vulnerability in maven package org.apache.zookeeper:zookeeper
CVE-2022-40146 Vulnerability in maven package org.apache.xmlgraphics:batik-bridge