6 matches found
SimpleGeo python-oauth2 does not check the nonce allowing replay attacks
The Server.verifyrequest function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. The vulnerability does not appear to be patched according to the following discussion...
Nonce Values Unchecked
python-oauth2 is vulnerable to replay attacks. This vulnerability is caused in the Server.verifyrequest function where it does not check the nonce value, allowing remote attackers to perform replay attacks through a signed URL...
CVE-2013-4346
The Server.verifyrequest function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL...
Design/Logic Flaw
The Server.verifyrequest function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL...
CVE-2013-4346
The Server.verifyrequest function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL...
PYSEC-2014-85
The Server.verifyrequest function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL...