9 matches found
Django vulnerable to information leakage in AuthenticationForm
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...
Fedora 27 : python-django (2018-2c612c6d92)
update to 1.11.10, fix for CVE-2018-6188: Information leakage in AuthenticationForm Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible witho...
CVE-2018-6188
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...
CVE-2018-6188
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...
CVE-2018-6188
CVE-2018-6188 affects Django: AuthenticationForm exposure in Django 2.0 before 2.0.2 and 1.11.8/1.11.9. The confirm_login_allowed() path can leak whether an account is inactive, enabling remote information exposure. Impact is information leakage (no mention of code execution). Patched versions in...
CVE-2018-6188
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...
FreeBSD : Django -- information leakage (d696473f-9f32-42c5-a106-bf4536fb1f74)
Django release notes : CVE-2018-6188: Information leakage in AuthenticationForm A regression in Django 1.11.8 made AuthenticationForm run its confirmloginallowed method even if an incorrect password is entered. This can leak information about a user, depending on what messages confirmloginallowed...
CVE-2018-6188
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirmloginallowed method, as demonstrated by discovering whether a user account is inactive...
Django -- information leakage
Django release notes: CVE-2018-6188: Information leakage in AuthenticationForm A regression in Django 1.11.8 made AuthenticationForm run its confirmloginallowed method even if an incorrect password is entered. This can leak information about a user, depending on what messages confirmloginallowed...