Python Oauth2
Monthly
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.