Vulnerability	Vulnerable Version
M Insecure Randomness `oauth2` is a library for OAuth version 1.9 Affected versions of this package are vulnerable to Insecure Randomness. The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack. How to fix Insecure Randomness? Upgrade to version `1.9rc1` or greater.	[,1.9rc1)
M Replay Attack `oauth2` is a library for OAuth version 1.9 The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. How to fix Replay Attack? Upgrade to version `1.9rc1` or greater.	[,1.9rc1)

Insecure Randomness

oauth2 is a library for OAuth version 1.9

Affected versions of this package are vulnerable to Insecure Randomness. The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.

How to fix Insecure Randomness?

Upgrade to version 1.9rc1 or greater.

[,1.9rc1)

Replay Attack

oauth2 is a library for OAuth version 1.9 The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.

How to fix Replay Attack?

Upgrade to version 1.9rc1 or greater.

[,1.9rc1)

Go back to all versions of this package