{"id":"PYSEC-2014-86","details":"The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.","aliases":["CVE-2013-4347","GHSA-rv8h-p43r-4x5r"],"modified":"2023-11-01T04:45:12.506247Z","published":"2014-05-20T14:55:00Z","references":[{"type":"REPORT","url":"https://github.com/simplegeo/python-oauth2/issues/9"},{"type":"WEB","url":"https://github.com/simplegeo/python-oauth2/pull/146"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2013/09/12/7"},{"type":"WEB","url":"http://www.securityfocus.com/bid/62388"}],"affected":[{"package":{"name":"oauth2","ecosystem":"PyPI","purl":"pkg:pypi/oauth2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9rc1"}]}],"versions":["1.0.0","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.0","1.1.1","1.1.3","1.2.0","1.5.150","1.5.153","1.5.155","1.5.158","1.5.159","1.5.160","1.5.161","1.5.162","1.5.163","1.5.164","1.5.165","1.5.166","1.5.167","1.5.168","1.5.169","1.5.170","1.5.210","1.5.211"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/oauth2/PYSEC-2014-86.yaml"}}],"schema_version":"1.7.3"}