Automatically generated passwords (e.g. password reset) use insecure java.util.Random

"Reset password" calls

• com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.resetPassword(), which calls
• com.atlassian.crowd.integration.authentication.PasswordHelper.generateRandomPassword(), which calls
• org.apache.commons.lang.RandomStringUtils.randomAlphanumeric(8) (link), which eventually calls
• java.util.Random.nextInt(int) (link), which
• uses a 48-bit seed, which is modified using a linear congruential formula. (See Donald Knuth, The Art of Computer Programming, Volume 2, Section 3.2.1.)

Several obvious flaws:

• What's Random() seeded with? It's often something predictable by an attacker.
• java.util.Random() makes no attempt at being secure — knowing a given 48-bit state trivially gives you every previous and future state. The password has 47.6 log₂(62⁸) = 47.6 bits of entropy, so I just reset my password twice, crack the state, reset my password, and reset someone else's password.

It's not that difficult to do a distributed brute-force of a 48-bit state, especially when the implementation gives you the 6.5 bits for free. There's also plenty of cryptanalysis, some of which might be relevant.