Vulnerabilities > CVE-2015-9435 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Dash10 Oauth Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://security.dxw.com/advisories/the-oauth2-complete-plugin-for-wordpress-uses-a-pseudorandom-number-generator-which-is-non-cryptographically-secure/
- https://security.dxw.com/advisories/the-oauth2-complete-plugin-for-wordpress-uses-a-pseudorandom-number-generator-which-is-non-cryptographically-secure/
- https://wordpress.org/plugins/oauth2-provider/#developers
- https://wordpress.org/plugins/oauth2-provider/#developers