PYSEC-2014-86

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/oauth2/PYSEC-2014-86.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2014-86
Aliases
Published
2014-05-20T14:55:00Z
Modified
2023-11-01T04:45:12.506247Z
Summary
[none]
Details

The (1) makenonce, (2) generatenonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.

References

Affected packages

PyPI / oauth2

Package

Name
oauth2
View open source insights on deps.dev
Purl
pkg:pypi/oauth2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9rc1

Affected versions

1.*
1.0.0
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0
1.1.1
1.1.3
1.2.0
1.5.150
1.5.153
1.5.155
1.5.158
1.5.159
1.5.160
1.5.161
1.5.162
1.5.163
1.5.164
1.5.165
1.5.166
1.5.167
1.5.168
1.5.169
1.5.170
1.5.210
1.5.211

Database specific

source 
"https://github.com/pypa/advisory-database/blob/main/vulns/oauth2/PYSEC-2014-86.yaml"