joestump/python-oauth2

Releases152

Frequency2 weeks 22 hours

Last Release over 10 years ago

Stars3.01K

A fully tested, abstract interface to creating OAuth clients and servers.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2013-4346 ↗	May 20, 2014Tuesday, 20 May 2014, 14:55	—	4.3 MEDIUM
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.
CVE-2013-4347 ↗	May 20, 2014Tuesday, 20 May 2014, 14:55	—	5.8 MEDIUM
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.