CVE-2013-0294 — MEDIUM (5.9)

Q: How severe is CVE-2013-0294?

CVE-2013-0294 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-0294?

Check the references section above for vendor advisories and patch information. Affected products include: Pyrad Project Pyrad, Fedoraproject Fedora.

Vulnerability Description

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Pyrad Project	Pyrad	< 2.1
Fedoraproject	Fedora	18

Related Weaknesses (CWE)

CWE-330

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115677.Mailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115705.Mailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116567.Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2013/02/15/13Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/57984Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=911682Issue TrackingPatchThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/82133Third Party AdvisoryVDB Entry
https://github.com/wichert/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5PatchThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115677.Mailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115705.Mailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116567.Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2013/02/15/13Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/57984Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=911682Issue TrackingPatchThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/82133Third Party AdvisoryVDB Entry

FAQ

What is CVE-2013-0294?

CVE-2013-0294 is a vulnerability with a CVSS score of 5.9 (MEDIUM). packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute forc...

How severe is CVE-2013-0294?

CVE-2013-0294 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-0294?

Check the references section above for vendor advisories and patch information. Affected products include: Pyrad Project Pyrad, Fedoraproject Fedora.