CVE-2013-0294 pyrad

Package

Manager: pip
Name: pyrad
Vulnerable Version: >=0 <2.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01875 (percentile: 0.82419)

Details

pyrad is vulnerable to the use of Insufficiently Random Values. packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.

Metadata

Created: 2022-05-05T00:29:22Z
Modified: 2024-10-23T15:56:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q4v3-wmm6-hcrx/GHSA-q4v3-wmm6-hcrx.json
CWE IDs: ["CWE-330"]
Alternative ID: GHSA-q4v3-wmm6-hcrx
Finding: F034
Auto approve: 1