MEDIUM🇬🇧 English

CVE-2019-10755

CVSS 4.9v3.1pub. 2019-09-23upd. 2024-11-21

The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  • Pac4j

    APP
    Pac4J
    3.0.0 – 3.8.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-40458HIGH7.0ten sam produkt

PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed ...

CVE-2026-40459HIGH8.7ten sam produkt

PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted...

CVE-2021-44878HIGH7.5ten sam produkt

If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (an...