CVE-2019-10754

Summary

Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.

Affected Software

VendorProductVersion RangeStatus
n/aApereo CASAll versions prior to version 6.1.0-RC5affected

Weaknesses

  • Insecure Randomness

ADP Enrichment

CVE Program Container

Additional References

References