SB2014071101 - Cryptographic issues in Apache Syncope
Published: July 11, 2014 Updated: August 10, 2020
Security Bulletin ID
SB2014071101
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Cryptographic issues (CVE-ID: CVE-2014-3503)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
Remediation
Install update from vendor's website.