2 matches found
CVE-2024-42475 OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNG
In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...
oauth 安全漏洞
oauth is an oauth library for nim from the individual developer Yoshihiro Tanaka. A security vulnerability exists in versions of oauth prior to 0.11, which stems from the state values generated by the generateState function not having sufficient entropy for an attacker to successfully guess these...