VYPR

PyPI package

oauth2

pkg:pypi/oauth2

Vulnerabilities (2)

  • CVE-2013-4347May 20, 2014
    affected < 1.9rc1fixed 1.9rc1

    The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.

  • CVE-2013-4346May 20, 2014
    affected <= 1.9rc1

    The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.