QwikSec

Security Database

CVE

CWE

Training

CVE-2013-1445

Published: Oct 26, 2013

Modified: Sep 16, 2024

PUBLISHED

Description

The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175

x_refsource_CONFIRM

[oss-security] 20131017 CVE-2013-1445 python-crypto:PRNG not correctly reseeded in some situations

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.