Back to bug 1007758
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Ratul Gupta | 2013-09-13 09:27:13 UTC | CC | bdunne, bkearney, cpelland, jfrey, jmatthew, jrafanie, katello-bugs, kseifried, metherid, mmccune, obarenbo, pj.pandit, tcallawa, tsanders, xlecauch | |
| Ratul Gupta | 2013-09-13 09:30:48 UTC | Whiteboard | impact=moderate,public=20130913,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=affected | impact=moderate,public=20130912,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=affected |
| Ratul Gupta | 2013-09-13 09:34:44 UTC | Blocks | 1007764 | |
| Ratul Gupta | 2013-09-13 09:38:20 UTC | Depends On | 1007766 | |
| Ratul Gupta | 2013-09-13 09:38:48 UTC | Depends On | 1007767 | |
| Ratul Gupta | 2013-09-13 09:43:22 UTC | Summary | python-oauth2: Uses poor PRNG | CVE-2013-4347 python-oauth2: Uses poor PRNG in nonce |
| | | Alias | CVE-2013-4347 | |
| Vincent Danen | 2013-09-13 14:58:13 UTC | Whiteboard | impact=moderate,public=20130912,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=affected | impact=moderate,public=20100424,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=affected |
| John Skeoch | 2014-01-22 23:59:08 UTC | CC | mjc | |
| Mark J. Cox | 2014-01-27 08:37:38 UTC | CC | mjc | |
| Garth Mollett | 2014-04-10 00:22:41 UTC | CC | gmollett | |
| | | Whiteboard | impact=moderate,public=20100424,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=affected | impact=moderate,public=20100424,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=affected,openstack-4/python-oauth2=affected |
| Kurt Seifried | 2014-07-22 06:21:49 UTC | Depends On | 1121874 | |
| Kurt Seifried | 2014-07-22 07:30:20 UTC | Whiteboard | impact=moderate,public=20100424,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=affected,openstack-4/python-oauth2=affected | impact=moderate,public=20100424,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=affected |
| Kurt Seifried | 2014-07-22 07:31:42 UTC | Whiteboard | impact=moderate,public=20100424,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=affected,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=affected | impact=moderate,public=20100424,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=wontfix,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=affected |
| Salvatore Bonaccorso | 2014-09-26 20:35:11 UTC | CC | carnil | |
| Garth Mollett | 2014-10-03 06:50:18 UTC | Whiteboard | impact=moderate,public=20100424,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=wontfix,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=affected | impact=moderate,public=20100424,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=wontfix,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=wontfix |
| Kurt Seifried | 2015-07-04 15:35:11 UTC | Blocks | 1145400 | |
| Tom "spot" Callaway | 2015-07-06 14:22:45 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | CURRENTRELEASE |
| | | Last Closed | 2015-07-06 10:22:45 UTC | |
| Ján Rusnačko | 2015-07-07 07:51:13 UTC | Status | CLOSED | NEW |
| | | CC | jrusnack | |
| | | Resolution | CURRENTRELEASE | --- |
| | | Whiteboard | impact=moderate,public=20100424,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=wontfix,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=wontfix | impact=moderate,public=20100424,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=wontfix,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=wontfix,cwe=CWE-338 |
| | | Keywords | Reopened | |
| Kurt Seifried | 2015-07-07 17:48:06 UTC | Doc Text | python-oauth2 did not properly generate random values for use in the nonce. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using OAuth2 authentication. | |
| Martin Prpič | 2015-07-08 15:45:01 UTC | Doc Text | python-oauth2 did not properly generate random values for use in the nonce. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using OAuth2 authentication. | It was found that python-oauth2 did not properly generate random values for use in nonces. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website. |
| Trevor Jay | 2015-08-10 18:19:56 UTC | CC | tjay | |
| | | Whiteboard | impact=moderate,public=20100424,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=wontfix,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=wontfix,cwe=CWE-338 | impact=moderate,public=20130424,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=wontfix,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=wontfix,cwe=CWE-338 |
| Kurt Seifried | 2015-08-12 21:55:09 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2015-07-06 10:22:45 UTC | 2015-08-12 17:55:09 UTC |
| Product Security DevOps Team | 2019-09-29 13:08:22 UTC | Whiteboard | impact=moderate,public=20130424,reported=20130913,source=debian,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,fedora-all/python-oauth2=affected,epel-6/python-oauth2=affected,rhui-2/python-oauth2=wontfix,rhn_satellite_6/python-oauth2=affected,cfme-5/python-oauth2=notaffected,openstack-4/python-oauth2=wontfix,cwe=CWE-338 | |