Use of insecure random number generator in Passeo

Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python `random` library for random value selection. The python `random` library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator. As a result a motivated attacker may be able to guess generated passwords. This issue has been addressed in version 1.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

使用具有密码学弱点缺陷的PRNG

Passeo 安全特征问题漏洞

Passeo是Arjun Sharda个人开发者的一个 Python 密码生成器。 Passeo 1.0.5 之前版本存在安全特征问题漏洞，该漏洞源于依赖于 python `random` 库来进行随机值选择，它依赖于非加密安全的随机数生成器，攻击者利用该漏洞可能能够猜测生成的密码。

N/A

N/A