CVE-2014-3503

CWE-310 | CWE-338 | 4 documents | 4 sources
Severity
5.0 MEDIUM
EPSS
1.9%
top 16.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 11
Latest update: May 14

Description

Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

Maven | org.apache.syncope:syncope | 1.1.0 | 1.1.8
NVD | apache/syncope | 8 versions

🔴 Vulnerability Details (3)

OSV | Apache Syncope uses a weak PNRG | 2022-05-14
GHSA | Apache Syncope uses a weak PNRG | 2022-05-14
CVEList | CVE-2014-3503: Apache Syncope 1 | 2014-07-11
CVE-2014-3503 (MEDIUM CVSS 5) | Apache Syncope 1.1.x before 1.1.8 u | cvebase.io