CVE-2013-1895
Improper Restriction of Excessive Authentication Attempts in py-bcrypt
7.5
HIGH
CVSS 3.1
EPSS 1.2%
Description
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple concurrent authentication requests that cause the password hash to be overwritten.
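As an added example (not code from this advisory or from py-bcrypt itself), the Python harness below models the defect class described above: a hasher that parks its result in one shared buffer and yields mid-call, so concurrent callers read each other's hashes. `racy_hash`, `safe_hash` and `find_cross_talk` are constructed names; the same harness can be pointed at an installed `bcrypt.hashpw` with `bcrypt.gensalt()` salts to regression-test a deployed version.

```python
import hashlib
import threading
import time

# Constructed stand-in for the CVE-2013-1895 defect class: one shared output
# slot, like a static buffer in a C extension that releases the GIL mid-call.
_shared_buf = {}


def racy_hash(password: bytes, salt: bytes) -> bytes:
    # Vulnerable shape: the result is parked in shared state, then the thread
    # yields (time.sleep stands in for the GIL being released), so another
    # caller can overwrite the slot before this caller reads it back.
    _shared_buf["out"] = hashlib.pbkdf2_hmac("sha256", password, salt, 1000)
    time.sleep(0.001)
    return _shared_buf["out"]


def safe_hash(password: bytes, salt: bytes) -> bytes:
    # Fixed shape: the result lives only in this call's own frame.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 1000)


def find_cross_talk(hash_fn, workers: int = 8, rounds: int = 20) -> int:
    """Hash distinct constructed credentials from several threads at once and
    return how many results differ from the same call made alone. A non-zero
    count means callers see each other's hashes, which is how the overwrite
    in the advisory turns into an authentication bypass."""
    creds = [(b"user%d-pw" % i, b"salt-%d" % i) for i in range(workers)]
    expected = [hash_fn(p, s) for p, s in creds]
    mismatches = [0]
    lock = threading.Lock()

    def worker(i: int) -> None:
        password, salt = creds[i]
        for _ in range(rounds):
            if hash_fn(password, salt) != expected[i]:
                with lock:
                    mismatches[0] += 1

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return mismatches[0]
```

A thread-safe implementation returns 0 mismatches; the shared-buffer shape returns a non-zero count within a few rounds.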
How to fix CVE-2013-1895
To remediate CVE-2013-1895, upgrade the affected package to a fixed version below.
- Debian/python-bcrypt: upgrade to 0.4-1 or later
- (package name missing): upgrade to 0.3 or later
- (package name missing): upgrade to 0.3 or later
Is CVE-2013-1895 being exploited?
Low — EPSS is 1.2%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 0.4-1
- from 0, < 0.3
- from 0, < 0.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |