CVE-2014-3503 Information

Description

Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords which makes it easier for remote attackers to guess the password via a brute force attack.

Reference

http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html http://syncope.apache.org/security.html http://www.securityfocus.com/archive/1/532669/100/0/threaded http://www.securityfocus.com/bid/68431