VYPR

PyPI package

pyrad

pkg:pypi/pyrad

Vulnerabilities (2)

  • CVE-2013-0294MedJan 28, 2020
    affected < 2.1fixed 2.1

    packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.

  • CVE-2013-0342MedDec 9, 2019
    affected < 2.1fixed 2.1

    The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.