What is CVE-2013-1445?

CVE-2013-1445 is a vulnerability in Dlitz Pycrypto, classified under Cryptographic Issues. Published 2013-10-26.

Is CVE-2013-1445 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Dlitz Pycrypto

CVE-2013-1445

The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sen…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.004 (62.5th percentile) — read the EPSS interpretation.

Affected products

Dlitz Pycrypto — versions 1.0.0, 1.0.1, 1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

Public proof-of-concept exploits

References

security@debian.org (x_refsource_CONFIRM, Exploit)
[oss-security] 20131017 CVE-2013-1445 python-crypto:PRNG not correctly reseeded in some situations (mailing-list, x_refsource_MLIST, Exploit, Patch)
DSA-2781 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2013-1445?: CVE-2013-1445 is a vulnerability in Dlitz Pycrypto, classified under Cryptographic Issues. Published 2013-10-26.
Is CVE-2013-1445 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.