CVE-2022-23472

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-23472
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23472.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-23472
Aliases
Related
Published
2022-12-06T18:15:10Z
Modified
2025-01-08T14:02:49.682389Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python random library for random value selection. The python random library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator. As a result a motivated attacker may be able to guess generated passwords. This issue has been addressed in version 1.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/arjunsharda/passeo

Affected ranges

Type
GIT
Repo
https://github.com/arjunsharda/passeo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8caa798b6bc4647dca59b2376204b6dc6176361a
Fixed
8caa798b6bc4647dca59b2376204b6dc6176361a

Affected versions

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4