CVE-2019-10755
N/A
N/A
Summary
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | PAC4J For SAML Protocol | All versions prior to version 4.0.0-RC1 | affected |
Weaknesses
- Insecure Randomness
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.