Required CVE Record Information
Description
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests that trigger the password hash to be overwritten.
References 5 Total
- http://www.openwall.com/lists/oss-security/2013/03/26/2
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html
- http://www.securityfocus.com/bid/58702
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83039