GitHub Advisory DatabaseGHSA-Q4V3-WMM6-HCRXpyrad is vulnerable to the use of Insufficiently Random Values
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
79.6%
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.
Affected configurations
References
lists.fedoraproject.org/pipermail/package-announce/2013-September/115677.html
lists.fedoraproject.org/pipermail/package-announce/2013-September/115705.html
lists.fedoraproject.org/pipermail/package-announce/2013-September/116567.html
www.openwall.com/lists/oss-security/2013/02/15/13
bugzilla.redhat.com/show_bug.cgi?id=911682
exchange.xforce.ibmcloud.com/vulnerabilities/82133
github.com/advisories/GHSA-q4v3-wmm6-hcrx
github.com/wichert/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5
nvd.nist.gov/vuln/detail/CVE-2013-0294
web.archive.org/web/20200228160027/www.securityfocus.com/bid/57984
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
79.6%