[Python-modules-team] Bug#854390: python-bottle-cork: insecure default hashing algorithm
IOhannes m zmölnig (Debian/GNU)
umlaeute at debian.org
Mon Feb 6 14:52:43 UTC 2017
Source: python-bottle-cork
Severity: grave
Tags: upstream security
Justification: user security hole
As reported on https://github.com/FedericoCeratto/bottle-cork/issues/112, the
"bottle-cork" module uses a very unsecure hashing algorithm (sha1 with 10
iterations) as default.
the defaults should be changed to use a secure hash (or even better: the user
should select the hashing algorithm, rather than Cork)
More information about the Python-modules-team
mailing list