CVE-2016-2513

Опубликовано: 08 апр. 2016

Источник: debian

EPSS Низкий

Описание

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
python-django	fixed	1.9.4-1		package

Примечания

https://www.djangoproject.com/weblog/2016/mar/01/security-releases/

EPSS

Процентиль: 73%

0.00799

Низкий

Связанные уязвимости

CVE-2016-2513

CVSS3: 3.1

ubuntu

около 9 лет назад

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.

CVE-2016-2513

redhat

больше 9 лет назад

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.

CVE-2016-2513

CVSS3: 3.1

nvd

около 9 лет назад

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.

GHSA-fp6p-5xvw-m74f

CVSS3: 3.1

github

около 3 лет назад

Django User Enumeration Vulnerability

openSUSE-SU-2018:0826-1

suse-cvrf

около 7 лет назад

Security update for python-Django

EPSS

Процентиль: 73%

0.00799

Низкий