Description
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
References (4)
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/532669/100/0/threaded
Vendor Advisory x_refsource_confirm
http://syncope.apache.org/security.html
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/68431
Scores
EPSS
0.0194
EPSS Percentile
83.7%
Details
CWE
CWE-310
Status
published
Products (9)
apache/syncope 1.1.0
apache/syncope 1.1.1
apache/syncope 1.1.2
apache/syncope 1.1.3
apache/syncope 1.1.4
apache/syncope 1.1.5
apache/syncope 1.1.6
apache/syncope 1.1.7
org.apache.syncope/syncope 1.1.0 - 1.1.8 (Maven)
Published
Jul 11, 2014
Tracked Since
Feb 18, 2026