Use of Insufficiently Random Values
CVE-2013-0294
Summary
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.
- HIGH
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-330 - Use of Insufficiently Random Values
The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Advisory Timeline
- Published