CVE-2013-1895

EUVD-2020-0151
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
pythonpy-bcrypt
𝑥
< 0.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-bcrypt
bookworm
3.2.2-1
fixed
bullseye
3.1.7-4
fixed
sid
4.2.0-2
fixed
squeeze
not-affected
trixie
4.2.0-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-bcrypt
hardy
dne
lucid
not-affected
oneiric
ignored
precise
not-affected
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.html
http://www.openwall.com/lists/oss-security/2013/03/26/2
http://www.securityfocus.com/bid/58702
https://exchange.xforce.ibmcloud.com/vulnerabilities/83039
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.html
http://www.openwall.com/lists/oss-security/2013/03/26/2
http://www.securityfocus.com/bid/58702
https://exchange.xforce.ibmcloud.com/vulnerabilities/83039