Lucene search

User passwords are stored in clear text in the Django session

🗓️ 10 Jul 2020 20:00:55Reported by GitHub Advisory DatabaseType

Clear text password storage in Django session, upgrade to version 1.12 require

Reporter	Title	Published	Views	Family All 8
OSV	PYSEC-2020-39	10 Jul 202021:15	–	osv
OSV	CVE-2020-15105	10 Jul 202021:15	–	osv
OSV	User passwords are stored in clear text in the Django session	10 Jul 202020:55	–	osv
Veracode	Information Disclosure	13 Jul 202005:28	–	veracode
Prion	Authentication flaw	10 Jul 202021:15	–	prion
CVE	CVE-2020-15105	10 Jul 202021:15	–	cve
NVD	CVE-2020-15105	10 Jul 202021:15	–	nvd
Cvelist	CVE-2020-15105 In Django Two-Factor Authentication, user passwords are stored in clear text in the Django session	10 Jul 202020:55	–	cvelist

Source	Link
github	www.github.com/Bouke/django-two-factor-auth/security/advisories/GHSA-vhr6-pvjm-9qwf
github	www.github.com/Bouke/django-two-factor-auth/commit/454fd9842fa6e8bb772dbf0943976bc8e3335359
github	www.github.com/Bouke/django-two-factor-auth/blob/master/CHANGELOG.md
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-15105
github	www.github.com/pypa/advisory-database/tree/main/vulns/django-two-factor-auth/PYSEC-2020-39.yaml
github	www.github.com/advisories/GHSA-vhr6-pvjm-9qwf

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

10 Jul 2020 20:55Current

0.8Low risk

Vulners AI Score0.8

CVSS23.6

CVSS35.4

EPSS0.001

CWE-312