5 matches found
Django: User enumeration via timing attack in Django mod_wsgi authentication backend leads to account discovery
A vulnerability was discovered in the checkpassword function in django/contrib/auth/handlers/modwsgi.py. When a non-existent username was provided, the function returned immediately without performing password verification, leading to a timing attack that allowed attackers to enumerate valid...
EUVD-2025-26524
Malicious code in bioql PyPI...
CVE-2025-9824
Impact: The attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks. Patches: This vulnerability has been patched, implementing a timing-safe form login...
CVE-2025-9824 User Enumeration via Response Timing
Impact: The attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks. Patches: This vulnerability has been patched, implementing a timing-safe form login...
PT-2025-35774
Name of the Vulnerable Software and Affected Versions: versions prior to the patched version. Description: The attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute for...