CVE-2013-0294

high

Description

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.

References

Advisories

https://github.com/wichert/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5

https://exchange.xforce.ibmcloud.com/vulnerabilities/82133

https://bugzilla.redhat.com/show_bug.cgi?id=911682

http://www.securityfocus.com/bid/57984

http://www.openwall.com/lists/oss-security/2013/02/15/13

http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116567.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115705.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115677.html

Details

Source: Mitre, NVD

Published: 2020-01-28

Updated: 2020-01-31

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

CVSS v4

Base Score: 8.2

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.01875

Detections

Analytics