OVAL

ALAS-2014-425 ---- python-oauth2

ID: oval:org.secpod.oval:def:1600011
Date: (C)2016-01-19   (M)2023-02-20
Class: PATCH
Family: unix




The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. The make_nonce, generate_nonce, and generate_verifier functions in SimpleGeo python-oauth2 use weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.

Platform:
Amazon Linux AMI
Product:
python-oauth2
Reference:
ALAS-2014-425
CVE-2013-4346
CVE-2013-4347
CVE (2):
CVE-2013-4347
CVE-2013-4346
CPE (3):
cpe:/a:urbanairship:python-oauth2
cpe:/o:amazon:linux
cpe:/a:urbanairship:python-oauth2:-

© SecPod Technologies