CNNVD-202511-2650 Information

CNNVD ID

CNNVD-202511-2650

Related CVE

CVE-2025-65998

• CNNVD Published: 2025-11-24

Description (Chinese)

Apache Syncope是美国阿帕奇（Apache）基金会的一套用于企业环境中的开源数字身份管理系统。该系统支持身份管理、角色配置等。 Apache Syncope存在安全漏洞，该漏洞源于使用硬编码AES密钥加密密码，可能导致密码明文泄露。

Description (English)

Apache Syncope is an open-source digital identity management system for the business environment of the Apache Foundation in the United States. The system supports identity management, role allocation, etc. There is a security loophole in Apache Syncope, which stems from the use of hard-coded AES keys to encrypt passwords, which may lead to their explicit disclosure.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-11-24

Last Modified

2026-02-24

References

https://lists.apache.org/thread/fjh0tb0d1xkbphc5ogdsc348ppz88cts http://www.openwall.com/lists/oss-security/2025/11/24/1 https://access.redhat.com/security/cve/cve-2025-65998

Patch

https://lists.apache.org/thread/fjh0tb0d1xkbphc5ogdsc348ppz88cts