High severityNVD Advisory· Published Jan 28, 2020· Updated Aug 6, 2024

CVE-2013-1895

Description

The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
py-bcryptPyPI	< 0.3	0.3

Affected products

ghsa-coords
pkg:pypi/py-bcrypt
Range: < 0.3
py-bcrypt/py-bcryptcpe-rescue
Range: before 0.3

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-r838-q6jp-58xxghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2013-1895ghsaADVISORY
lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.htmlghsax_refsource_MISCWEB
lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.htmlghsax_refsource_MISCWEB
www.openwall.com/lists/oss-security/2013/03/26/2ghsax_refsource_MISCWEB
www.securityfocus.com/bid/58702mitrex_refsource_MISC
exchange.xforce.ibmcloud.com/vulnerabilities/83039ghsax_refsource_MISCWEB
github.com/pypa/advisory-database/tree/main/vulns/py-bcrypt/PYSEC-2020-249.yamlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000