SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces
Low severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Aug 29, 2023
Description
Published by the National Vulnerability Database
May 20, 2014
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Aug 29, 2023
Reviewed
Aug 29, 2023
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.
References