The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.
References
Link | Resource |
---|---|
https://security.dxw.com/advisories/the-oauth2-complete-plugin-for-wordpress-uses-a-pseudorandom-number-generator-which-is-non-cryptographically-secure/ | Third Party Advisory |
https://wordpress.org/plugins/oauth2-provider/#developers | Product Vendor Advisory |
https://security.dxw.com/advisories/the-oauth2-complete-plugin-for-wordpress-uses-a-pseudorandom-number-generator-which-is-non-cryptographically-secure/ | Third Party Advisory |
https://wordpress.org/plugins/oauth2-provider/#developers | Product Vendor Advisory |
Configurations
History
21 Nov 2024, 02:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://security.dxw.com/advisories/the-oauth2-complete-plugin-for-wordpress-uses-a-pseudorandom-number-generator-which-is-non-cryptographically-secure/ - Third Party Advisory | |
References | () https://wordpress.org/plugins/oauth2-provider/#developers - Product, Vendor Advisory |
Information
Published : 2019-09-26 02:15
Updated : 2024-11-21 02:40
NVD link : CVE-2015-9435
Mitre link : CVE-2015-9435
CVE.ORG link : CVE-2015-9435
JSON object : View
Products Affected
dash10
- oauth_server
CWE
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)