The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.
References
Link | Resource |
---|---|
https://security.dxw.com/advisories/the-oauth2-complete-plugin-for-wordpress-uses-a-pseudorandom-number-generator-which-is-non-cryptographically-secure/ | Third Party Advisory |
https://wordpress.org/plugins/oauth2-provider/#developers | Product Vendor Advisory |
Configurations
History
No history.
Information
Published : 2019-09-26 02:15
Updated : 2024-02-28 17:28
NVD link : CVE-2015-9435
Mitre link : CVE-2015-9435
CVE.ORG link : CVE-2015-9435
JSON object : View
Products Affected
dash10
- oauth_server
CWE
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)