CVE-2013-4347

Medium

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate…

redhat·CWE-310·Published 2014-05-20

CVSS

3.7

EPSS

0.02

KEV

Exploits

cve.orgen

235 chars

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.

NVDen

235 chars

OSV.deven

235 chars

GHSAen

235 chars

NVDes

248 chars

Las funciones (1) make_nonce, (2) generate_nonce y (3) generate_verifier en SimpleGeo python-oauth2 utiliza números aleatorias débiles para generar nonces, lo que facilita a atacantes remotos adivinar el nonce a través de un ataque de fuerza bruta.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N
3.1	Secondary	GHSA	3.7	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
4.0	Secondary	GHSA	6.3	—	—	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N