Re: about python-oauth2: CVE-2013-4347

Philippe Makowski  [2013-10-18 22:02] :
> but it leaves the other CVE-2013-4346 about _check_signature() ignoring the
> nonce value when validating signed URLs
> any idea?
maybe something like that

But I don't really understand this CVE since python-oauth2 Server is only:

    """A skeletal implementation of a service provider, providing protected
resources to requests from authorized consumers.

It doesn't intend to be a full service provider

