CVSS: 5.9 • EPSS: 0% • CPEs: 4 • EXPL: 0

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.

References:
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115677.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115705.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116567.html
http://www.openwall.com/lists/oss-security/2013/02/15/13
http://www.securityfocus.com/bid/57984
https://bugzilla.redhat.com/show_bug.cgi?id=911682
https://exchange.xforce.ibmcloud.com/vulnerabilities/82133
https://github.com/wichert/pyrad/commit/38f7

CWE-330: Use of Insufficiently Random Values

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.

References:
http://www.openwall.com/lists/oss-security/2013/02/15/9
http://www.openwall.com/lists/oss-security/2013/02/21/27
http://www.openwall.com/lists/oss-security/2013/02/22/2
http://www.securityfocus.com/bid/57984
https://bugzilla.redhat.com/show_bug.cgi?id=911685
https://exchange.xforce.ibmcloud.com/vulnerabilities/82134
https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5

CWE-20: Improper Input Validation