Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xNHYzLXdtbTYtaGNyeM3g3w
pyrad is vulnerable to the use of Insufficiently Random Values
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.
Permalink: https://github.com/advisories/GHSA-q4v3-wmm6-hcrxJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNHYzLXdtbTYtaGNyeM3g3w
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 2 months ago
CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-q4v3-wmm6-hcrx, CVE-2013-0294
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-0294
- https://github.com/wichert/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5
- https://bugzilla.redhat.com/show_bug.cgi?id=911682
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82133
- http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115677.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115705.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116567.html
- http://www.openwall.com/lists/oss-security/2013/02/15/13
- https://web.archive.org/web/20200228160027/http://www.securityfocus.com/bid/57984
- https://github.com/advisories/GHSA-q4v3-wmm6-hcrx
Blast Radius: 13.5
Affected Packages
pypi:pyrad
Dependent packages: 2Dependent repositories: 194
Downloads: 120,814 last month
Affected Version Ranges: < 2.1
Fixed in: 2.1
All affected versions:
All unaffected versions: