The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
{ "nvd_published_at": "2013-10-26T17:55:00Z", "cwe_ids": [ "CWE-332" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-04-22T22:55:06Z" }