← back
CVE-2019-10754

CVE-2019-10754

EPSS 1.8%
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.
Affected products
n/a · Apereo CAS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467402https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467404https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467406https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468868https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468869