VDB
CVE-2013-1895
CVE-2013-1895
REJECTED
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.
EPSS 1.17% · 79.1th percentile
Risk Scores
EPSS Score
1.17%
79.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | python-bcrypt | 0, 0.2-0ubuntu1 |
Exploit Intelligence
- http://www.openwall.com/lists/oss-security/2013/03/26/2 (circl)
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.html (circl)
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html (circl)
- http://www.securityfocus.com/bid/58702 (circl)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83039 (circl)
Timeline
- Jan 28, 2020 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 8, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-1895 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-1895 third-party-advisory