CVE-2019-10754 (central_authentication_service)

Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG’s algorithm not being cryptographically strong.
Source: NIST
CVE-2019-10754 (central_authentication_service)