Multiple classes used within Apereo CAS before release 6.1.0-RC5 make use of Apache commons-lang3 RandomStringUtils for token and ID generation, which makes the generated values predictable because the RandomStringUtils PRNG algorithm is not cryptographically strong.
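
The pattern described above, as an added example that is not Apereo CAS code: `java.util.Random` stands in here for a non-cryptographic PRNG behind a token generator, next to the same generator backed by `java.security.SecureRandom`. The class name, method names and seed are hypothetical and constructed for illustration.

```java
import java.security.SecureRandom;
import java.util.Random;

// Added example, not Apereo CAS code. All names here are hypothetical.
public class TokenGenerationDemo {
    private static final char[] ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".toCharArray();

    // One shared CSPRNG: SecureRandom is thread-safe and seeds itself from the OS.
    private static final SecureRandom SECURE = new SecureRandom();

    // Weak pattern: java.util.Random is a linear congruential generator with
    // 48 bits of state, so every token it emits is a function of that state.
    static String weakToken(Random rng, int length) {
        return draw(rng, length);
    }

    // Hardened pattern: same alphabet and length, symbols drawn from the CSPRNG.
    static String strongToken(int length) {
        return draw(SECURE, length);
    }

    // nextInt(bound) samples uniformly over the alphabet (no modulo bias).
    // SecureRandom extends Random, so both generators share this loop.
    private static String draw(Random rng, int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALPHABET[rng.nextInt(ALPHABET.length)]);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        long seed = 20190101L; // constructed value standing in for PRNG state

        // Equal internal state always yields equal "random" tokens.
        String a = weakToken(new Random(seed), 32);
        String b = weakToken(new Random(seed), 32);
        System.out.println("weak tokens equal for equal state: " + a.equals(b));

        // CSPRNG output does not depend on any state a caller can reproduce.
        String c = strongToken(32);
        String d = strongToken(32);
        System.out.println("strong tokens equal: " + c.equals(d));

        // Upper bound on token entropy: length * log2(alphabet size).
        double bits = 32 * (Math.log(ALPHABET.length) / Math.log(2));
        System.out.printf("bits available to a 32-char token: %.1f%n", bits);
    }
}
```

A useful audit check on a code base is to search for `RandomStringUtils` and `java.util.Random` wherever session IDs, tickets, reset tokens or other secrets are created, and to confirm that each such call site is backed by `SecureRandom`.
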
Vulnerable Product |
---|
apereo central authentication service 6.1.0 |
apereo central authentication service |