Affecting oic package, versions [,0.11.0.0)
oic is Python implementation of OAuth2 and OpenID Connect.
Affected versions of the package are vulnerable to Insecure Encryption due to using a weak key derivation function and constant (initialization vector).
oic to version 0.11.0.0 or higher.
Do your applications use this vulnerable package?
- Michael Schlenker
- Snyk ID
- 08 May, 2017
- 11 Jan, 2018