5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.013 Low
EPSS
Percentile
85.3%
The authentication framework (django.contrib.auth) computes the hash of a password each time a user attempts to log in, no matter the length of the password. Thus, a remote attacker can cause a denial of service (CPU consumption) by repeatedly submitting long passwords.
CPE | Name | Operator | Version |
---|---|---|---|
pypi/django | ge | 1.4 | |
pypi/django | lt | 1.4.8 | |
pypi/django | ge | 1.5 | |
pypi/django | lt | 1.5.4 |