5
CVE-2014-3503
- EPSS 5.97%
- Veröffentlicht 11.07.2014 14:55:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.97% | 0.924 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
http://syncope.apache.org/security.html
http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html
http://www.securityfocus.com/archive/1/532669/100/0/threaded
http://www.securityfocus.com/bid/68431