Search

Find a vulnerability

Search criteria

    2 vulnerabilities by py-bcrypt

    CVE-2013-1895 (GCVE-0-2013-1895)

    Vulnerability from nvd – Published: 2020-01-28 14:30 – Updated: 2024-08-06 15:20
    VLAI
    Summary
    The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    References
    Impacted products
    Vendor Product Version
    py-bcrypt py-bcrypt Affected: before 0.3
    		Create a notification for this product.
    Date Public
    2013-03-18 00:00
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:20:37.112Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/03/26/2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/58702"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83039"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "py-bcrypt",
          "vendor": "py-bcrypt",
          "versions": [
            {
              "status": "affected",
              "version": "before 0.3"
            }
          ]
        }
      ],
      "datePublic": "2013-03-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-28T14:30:24.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/03/26/2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/58702"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83039"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1895",
    "datePublished": "2020-01-28T14:30:24.000Z",
    "dateReserved": "2013-02-19T00:00:00.000Z",
    "dateUpdated": "2024-08-06T15:20:37.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

    CVE-2013-1895 (GCVE-0-2013-1895)

    Vulnerability from cvelistv5 – Published: 2020-01-28 14:30 – Updated: 2024-08-06 15:20
    VLAI
    Summary
    The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    References
    Impacted products
    Vendor Product Version
    py-bcrypt py-bcrypt Affected: before 0.3
    		Create a notification for this product.
    Date Public
    2013-03-18 00:00
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:20:37.112Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/03/26/2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/58702"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83039"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "py-bcrypt",
          "vendor": "py-bcrypt",
          "versions": [
            {
              "status": "affected",
              "version": "before 0.3"
            }
          ]
        }
      ],
      "datePublic": "2013-03-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-28T14:30:24.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/03/26/2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/58702"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83039"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1895",
    "datePublished": "2020-01-28T14:30:24.000Z",
    "dateReserved": "2013-02-19T00:00:00.000Z",
    "dateUpdated": "2024-08-06T15:20:37.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}