CVE-2019-10754
N/A
N/A
Summary
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Apereo CAS | All versions prior to version 6.1.0-RC5 | affected |
Weaknesses
- Insecure Randomness
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467406
- https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467402
- https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467404
- https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468869
- https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468868
References
- https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467406
- https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467402
- https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467404
- https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468869
- https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468868
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.