Description
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
Remediation
References
http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html
http://syncope.apache.org/security.html
http://www.securityfocus.com/archive/1/532669/100/0/threaded
http://www.securityfocus.com/bid/68431
Related Vulnerabilities
CVE-2023-27481 Vulnerability in npm package directus
CVE-2018-1000086 Vulnerability in npm package pym.js
CVE-2022-28731 Vulnerability in maven package org.apache.jspwiki:jspwiki-main
CVE-2016-4436 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2015-1796 Vulnerability in maven package org.opensaml:opensaml