Weak Random Number Generation in SimpleGeo python-oauth2
CVE-2013-4347 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:N
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.
Learn more about our Web Application Penetration Testing UK.