7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2013-1445

GHSA ID

GHSA-x377-f64p-hf5j

EPSS Score

0.6134%

CWE

CWE-332

Published

5/17/2022

Updated

10/21/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2013-1445

CVE-2013-1445: PyCrypto does not properly reseed PRNG before allowing access

The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2013-1445

CVE-2013-1445:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2013-1445

GHSA ID

GHSA-x377-f64p-hf5j

EPSS Score

0.6134%

CWE

CWE-332

Published

5/17/2022

Updated

10/21/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
pycrypto	pip	< 2.6.1	2.6.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper handling of PRNG state during process forking. The commit 19dcf7b adds _forget_last_reseed to FortunaAccumulator and modifies _UserFriendlyRNG.reinit to call it. This indicates that:

reinit (called during atfork) was missing critical state reset logic
The pre-patch atfork implementation didn't ensure the PRNG's rate-limiter was cleared Together, these allowed child processes to reuse the parent's PRNG state if reseeded within 100ms. The demonstration code shows identical outputs across processes, confirming the race condition in these functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2013-1445: PyCrypto does not properly reseed PRNG before allowing access

CVE-2013-1445:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2013-1445: PyCrypto does not properly reseed PRNG before allowing access

Technical Details

Basic Information

Basic Information

7.5

7.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI