pyrad@1.0alpha1 vulnerabilities
RADIUS tools
-
latest version
2.4
-
latest non vulnerable version
-
first published
17 years ago
-
latest version published
4 years ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the pyrad package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
pyrad is a RADIUS tool. Affected versions of this package are vulnerable to Improper Input Validation due to the use of sequential packet IDs in the How to fix Improper Input Validation? Upgrade |
[,2.1)
|
Affected versions of this package are vulnerable to Insecure Randomness. It was using Python's random module in a number of places to generate pseudo-random data. In the case of the authenticator data, it was being used to secure a password sent over the wire. Because Python's random module is not really suited for this purpose (not random enough), it could lead to password hashing that may be predictable. Note: CVE-2013-0295 is a duplicate of CVE-2013-0294. How to fix Insecure Randomness? Upgrade to version |
[,2.1)
|