The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.
References
Link | Resource |
---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html | Third Party Advisory, Tool Signature |
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.html | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2013/03/26/2 | Mailing List, Third Party Advisory |
http://www.securityfocus.com/bid/58702 | Third Party Advisory, VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/83039 | Third Party Advisory, VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-01-28T14:30:24
Updated: 2020-01-28T14:30:24
Reserved: 2013-02-19T00:00:00
Link: CVE-2013-1895
NVD Information
Status: Analyzed
Published: 2020-01-28T15:15:14.343
Modified: 2020-02-04T16:49:58.710
Link: CVE-2013-1895
Redhat Information
No data.
CWE