pyrad@1.2 vulnerabilities

RADIUS tools

latest version

2.4
latest non vulnerable version

2.4
first published

17 years ago
latest version published

3 years ago
licenses detected
- BSD-2-Clause
  [0,)
View pyrad package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the pyrad package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Improper Input Validation pyrad is a RADIUS tool. Affected versions of this package are vulnerable to Improper Input Validation due to the use of sequential packet IDs in the `CreateID` function. An attacker can spoof packets by predicting the next ID. How to fix Improper Input Validation? Upgrade `pyrad` to version 2.1 or higher.	[,2.1)
L Insecure Randomness `pyrad` is a RADIUS tools. Affected versions of this package are vulnerable to Insecure Randomness. It was using Python's random module in a number of places to generate pseudo-random data. In the case of the authenticator data, it was being used to secure a password sent over the wire. Because Python's random module is not really suited for this purpose (not random enough), it could lead to password hashing that may be predictable. Note: CVE-2013-0295 is a duplicate of CVE-2013-0294. How to fix Insecure Randomness? Upgrade to version `[,2.1)` or greater.	[,2.1)

Improper Input Validation

pyrad is a RADIUS tool.

Affected versions of this package are vulnerable to Improper Input Validation due to the use of sequential packet IDs in the CreateID function. An attacker can spoof packets by predicting the next ID.

How to fix Improper Input Validation?

Upgrade pyrad to version 2.1 or higher.

[,2.1)

Insecure Randomness

pyrad is a RADIUS tools.

Affected versions of this package are vulnerable to Insecure Randomness. It was using Python's random module in a number of places to generate pseudo-random data. In the case of the authenticator data, it was being used to secure a password sent over the wire. Because Python's random module is not really suited for this purpose (not random enough), it could lead to password hashing that may be predictable.

Note: CVE-2013-0295 is a duplicate of CVE-2013-0294.

How to fix Insecure Randomness?

Upgrade to version [,2.1) or greater.

[,2.1)

Go back to all versions of this package

pyrad@1.2 vulnerabilities

RADIUS tools

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities