Skip to main content

Cryptographic Issues

CVE-2013-4347

Severity Medium
Score 5.8/10

Summary

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 before version 1.9rc1 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.

  • MEDIUM
  • NETWORK
  • NONE
  • PARTIAL
  • PARTIAL
  • NONE

CWE-310 - Cryptographic Issues

Cryptographic issues is a category of weaknesses related to the design and implementation of the confidentiality and integrity of data. If not addressed, the weaknesses in this category can lead to data quality degradation.

Advisory Timeline

  • Published