Description
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.
References
- Third Party Advisory, Tool Signature
- Third Party Advisory
- Mailing List, Third Party Advisory
- Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: versions before 0.3 (excluding)
cpe:2.3:a:python:py-bcrypt:*:*:*:*:*:*:*:*
Configuration 2
One of
cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
EPSS: 0.00279 (Low), percentile: 51%
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-307
Related vulnerabilities
CVSS3: 7.5
ubuntu
about 6 years ago
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.
CVSS3: 7.5
debian
about 6 years ago
The py-bcrypt module before 0.3 for Python does not properly handle co ...
CVSS3: 7.5
github
more than 4 years ago
Improper Restriction of Excessive Authentication Attempts in py-bcrypt