Apache InLong: Weak Password Implementation in InLong
Description
Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.6.0.
When users change their password to a simple password (with any character or symbol), attackers can easily guess the user's password and access the account.
Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 to solve it.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apache InLong 1.1.0-1.6.0 has weak password requirements, allowing attackers to easily guess passwords and access accounts.
Vulnerability Overview
Apache InLong versions 1.1.0 through 1.6.0 suffer from weak password requirements. When users change their password, the system does not enforce complexity rules, allowing passwords with any character or symbol, making them easy to guess [2].
Exploitation
An attacker can exploit this by brute-forcing or guessing weak passwords if they know the username. No special network position or authentication is required beyond guessing the password [2].
Impact
Successful exploitation allows the attacker to access the victim's account, potentially leading to data exposure or further compromise.
Mitigation
The issue is fixed in Apache InLong 1.7.0. Users can also apply the patch from pull request #7805 to enforce password length limits [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.inlong:manager-pojo (Maven) | >= 1.1.0, < 1.47.0 | 1.47.0 |
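To check whether a Maven build pulls in an affected release, the following added example (not code from the advisory or from Apache InLong) scans a `pom.xml` for the package named above, resolves `${property}` version placeholders, and classifies the result. It assumes the range given in the description (1.1.0 through 1.6.0, fixed in 1.7.0); the sample POM and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

GROUP, ARTIFACT = "org.apache.inlong", "manager-pojo"  # package named in the advisory
AFFECTED_FROM, FIXED_IN = (1, 1, 0), (1, 7, 0)  # assumption: range from the description

# Constructed sample input, not taken from a real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><inlong.version>1.6.0</inlong.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.inlong</groupId>
      <artifactId>manager-pojo</artifactId>
      <version>${inlong.version}</version>
    </dependency>
  </dependencies>
</project>"""

def parse_version(text):
    """'1.6.0' or '1.6.0-SNAPSHOT' -> (1, 6, 0); None when not numeric."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(p or 0) for p in m.groups()) if m else None

def classify(version_text):
    v = parse_version(version_text or "")
    if v is None:
        return "unknown"  # unresolved property or version managed elsewhere
    if v < AFFECTED_FROM:
        return "not-affected"
    return "affected" if v < FIXED_IN else "fixed"

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the '{namespace}' prefix

def check_pom(pom_xml):
    """Return (declared, resolved, status) for each manager-pojo dependency."""
    props, deps = {}, []
    for el in ET.fromstring(pom_xml).iter():
        if _local(el.tag) == "properties":
            props.update({_local(p.tag): (p.text or "").strip() for p in el})
        elif _local(el.tag) == "dependency":
            deps.append({_local(c.tag): (c.text or "").strip() for c in el})
    findings = []
    for d in deps:
        if (d.get("groupId"), d.get("artifactId")) != (GROUP, ARTIFACT):
            continue
        raw = d.get("version", "")
        resolved = re.sub(r"\$\{([^}]+)\}",
                          lambda m: props.get(m.group(1), m.group(0)), raw)
        findings.append((raw, resolved, classify(resolved)))
    return findings

if __name__ == "__main__":
    print(check_pom(SAMPLE_POM))
```

A status of `unknown` means the version is inherited or set outside the file being scanned, so the effective POM needs to be checked instead.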
Affected products
- Apache Software Foundation/Apache InLong (v5), Range: 1.1.0
References
- github.com/advisories/GHSA-w3wr-gmwf-r333 (ghsa, ADVISORY)
- lists.apache.org/thread/1fvloc3no1gbffzrcsx9ltsg08wr2d1w (ghsa, vendor-advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2023-31098 (ghsa, ADVISORY)
- github.com/apache/inlong/pull/7805 (ghsa, WEB)