Computer Security
[EN] securityvulns.ru no-pyccku


pycrypto PRNG vulnerabilities
Published:05.11.2013
Source:
SecurityVulns ID:13395
Type:library
Threat Level:
5/10
Description:Predictable PRNG state after fork()
Affected:PYTHON : PyCrypto 2.6
CVE:CVE-2013-1445 (The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.)
Original documentdocumentMANDRIVA, [ MDVSA-2013:262 ] python-pycrypto (05.11.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod