Описание
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00799
Низкий
3.1 Low
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 3.1
ubuntu
около 9 лет назад
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
redhat
больше 9 лет назад
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
CVSS3: 3.1
debian
около 9 лет назад
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 ...
EPSS
Процентиль: 73%
0.00799
Низкий
3.1 Low
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-200