fd02a9c3d0
The OAuth1 verifier was generated as a random number ranging from 1000 to 9999. This small range of numbers is vulnerable to brute-force attacks as described in CWE-330. The verifier is now an 8-character-long alphanumerical string, a good compromise between security against guessing and ease of use.

SecurityImpact
Change-Id: Ibe4a2e57a02c261d85ba6c0d61696f134c54443e
Closes-Bug: #1236675

| Name |
|---|
| access |
| admin_crud |
| ec2 |
| endpoint_filter |
| example |
| federation |
| oauth1 |
| revoke |
| s3 |
| simple_cert |
| stats |
| user_crud |
| __init__.py |