Download
| Alert*
oval:org.secpod.oval:def:1600011
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. The make_nonce, generate_nonce, and generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, ... oval:org.secpod.oval:def:107856 Oauth2 was originally forked from Leah Culver and Andy Smith"s oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal"s fork. A number of notable differences exist between this code and its forefathers: - 100% u ... oval:org.secpod.oval:def:107769 Oauth2 was originally forked from Leah Culver and Andy Smith"s oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal"s fork. A number of notable differences exist between this code and its forefathers: - 100% u ... oval:org.secpod.oval:def:107869 Oauth2 was originally forked from Leah Culver and Andy Smith"s oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal"s fork. A number of notable differences exist between this code and its forefathers: - 100% u ... oval:org.secpod.oval:def:107782 Oauth2 was originally forked from Leah Culver and Andy Smith"s oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal"s fork. A number of notable differences exist between this code and its forefathers: - 100% u ... |