PT-2013-3141 · Dla · Pycrypto

Dwayne C. Litzenberger · Published 2013-10-25 · Updated 2022-05-17 · CVE-2013-1445

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

PyCrypto versions prior to 2.6.1

Description

The issue is related to the Crypto.Random.atfork function, which does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it. This makes it easier for attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.

Recommendations

For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the PRNG in child processes to minimize the risk of exploitation.
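
The failure mode in the description, reduced to a toy model (an added example, not PyCrypto's code): a post-fork reseed that is still subject to the rate limit leaves two children with identical PRNG state, while a forced reseed does not. `ToyPool`, `RATE_LIMIT`, both `atfork_*` hooks and `forked_reads` are hypothetical names, the 0.1 s limit is an assumed value, and `copy.deepcopy` stands in for `fork()` duplicating process memory.

```python
import copy
import hashlib
import os

RATE_LIMIT = 0.1  # assumed minimum seconds between reseeds in this model


class ToyPool:
    """Toy userspace PRNG: hash-counter output, rate-limited reseed from the OS."""

    def __init__(self, now):
        self.key = os.urandom(32)
        self.counter = 0
        self.last_reseed = now

    def reseed(self, now):
        # Rate limit: a reseed requested too soon after the last one is skipped.
        if self.last_reseed is not None and now - self.last_reseed < RATE_LIMIT:
            return
        self.key = hashlib.sha256(self.key + os.urandom(32)).digest()
        self.last_reseed = now

    def read(self, n=16):
        self.counter += 1
        return hashlib.sha256(self.key + self.counter.to_bytes(8, "big")).digest()[:n]

    def atfork_rate_limited(self, now):
        # Flawed pattern: the post-fork reseed is still subject to the rate limit.
        self.reseed(now)

    def atfork_forced(self, now):
        # Hardened pattern: forget the last reseed time so the reseed always runs.
        self.last_reseed = None
        self.reseed(now)


def forked_reads(atfork, elapsed, children=2):
    # One parent pool, copied once per child; each child runs the hook, then reads.
    parent = ToyPool(now=0.0)
    outputs = []
    for _ in range(children):
        child = copy.deepcopy(parent)  # fork() duplicates PRNG state like this
        atfork(child, now=elapsed)
        outputs.append(child.read())
    return outputs


if __name__ == "__main__":
    for hook in (ToyPool.atfork_rate_limited, ToyPool.atfork_forced):
        print(hook.__name__, len(set(forked_reads(hook, elapsed=0.01))), "distinct")
```

With `elapsed` inside the rate-limit window the rate-limited hook yields one distinct value across both children; the forced hook yields two.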

Exploit

Fix


Weakness Enumeration

Related identifiers

CVE-2013-1445
DSA-2781-1
GHSA-X377-F64P-HF5J
MGASA-2013-0319
PYSEC-2013-29

Affected products

Pycrypto