7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-65998

CVE-2025-65998: Apache Syncope's AES encryption stores hard-coded passwords in internal database

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option.

When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained access to the internal database content, to reconstruct the original cleartext password values. This is not affecting encrypted plain attributes, whose values are also stored using AES encryption.

Users are recommended to upgrade to version 3.0.15 / 4.0.3, which fix this issue.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-65998

CVE-2025-65998:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.syncope:syncope-core	maven	>= 4.0.0, < 4.0.3	4.0.3
org.apache.syncope:syncope-core	maven	< 3.0.15	3.0.15

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability exists because Apache Syncope used a hard-coded default AES key for encrypting sensitive data, such as user passwords, when AES encryption was enabled but no specific key was configured. An attacker with access to the database could easily decrypt this data using the known hard-coded key.

The analysis of the patches reveals that the core of the issue was in the org.apache.syncope.core.spring.security.Encryptor and org.apache.syncope.core.spring.security.DefaultEncryptor classes. These classes contained a hard-coded DEFAULT_SECRET_KEY that was used as a fallback. The getInstance methods in Encryptor and DefaultEncryptorManager were responsible for creating encryption instances, and they would use this default key if no other key was provided.

Several parts of the application, such as JPAUser.setPassword, called these encryption methods to protect sensitive information. The patches remove the hard-coded key and modify the logic to require that an AES key be explicitly configured in the application's properties (security.aesSecretKey). This ensures that all encrypted data uses a unique, user-defined key, mitigating the risk of trivial decryption by an attacker.

Vulnerable functions

org.apache.syncope.core.spring.security.Encryptor.Encryptor

core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java

The constructor for the `Encryptor` class uses a hard-coded default secret key if no key is provided. This key is then used for AES encryption and decryption operations, making the stored data vulnerable.

org.apache.syncope.core.spring.security.Encryptor.getInstance

core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java

This method retrieves an instance of the `Encryptor` class. In the vulnerable version, if no secret key is provided, it falls back to a hard-coded default key (`DEFAULT_SECRET_KEY`), which is then used for encryption.

org.apache.syncope.core.spring.security.DefaultEncryptor.DefaultEncryptor

core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultEncryptor.java

Similar to the `Encryptor` class, the `DefaultEncryptor` constructor uses a hard-coded default secret key when no key is provided, leading to weak encryption.

org.apache.syncope.core.spring.security.DefaultEncryptorManager.getInstance

core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultEncryptorManager.java

This manager class is responsible for providing `DefaultEncryptor` instances. The vulnerable version of `getInstance` would create an encryptor with a hard-coded key if none was specified.

org.apache.syncope.core.persistence.jpa.entity.user.JPAUser.setPassword

core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/user/JPAUser.java

The `setPassword` method in the `JPAUser` entity uses the vulnerable `Encryptor` instance to encode the user's password before persisting it. If AES is used without a configured key, the hard-coded key is used.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-65998: Apache Syncope's AES encryption stores hard-coded passwords in internal database

CVE-2025-65998:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

7.5

7.5

CVE-2025-65998: Apache Syncope's AES encryption stores hard-coded passwords in internal database

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI