
5 matches found

BDU FSTEC
added 2024/09/18 12:0 a.m., 5 views

The vulnerability of the django.contrib.auth.backends.ModelBackend.authenticate() method in the Django web application framework allows a hacker to gain unauthorized access to protected information.

The vulnerability of the django.contrib.auth.backends.ModelBackend.authenticate method in the Django web application framework is related to insufficient protection of sensitive data due to timing discrepancies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...

CVSS 5.3, AI score 6.5, EPSS 0.00889
Exploits: 0, References: 8, Affected Software: 1
OSV
added 2024/08/23 11:8 a.m., 6 views

OESA-2024-2036 python-django security update

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with ...

CVSS 9.8, AI score 7.9, EPSS 0.28637
Exploits: 0, References: 9
RedhatCVE
added 2024/07/18 6:34 a.m., 24 views

CVE-2024-39329

A vulnerability was found in Python-Django in the django.contrib.auth.backends.ModelBackend.authenticate method. This flaw allows remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords. Mitigation: Mitigation for this issue is either not...

CVSS 3.7, AI score 5.8, EPSS 0.00889
Exploits: 0, References: 3
UbuntuCve
added 2024/07/09 2:0 p.m., 16 views

CVE-2024-39329

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

CVSS 5.3, AI score 6.8, EPSS 0.00889
Exploits: 0, References: 3
FreeBSD
added 2018/02/01 12:0 a.m., 46 views

Django -- information leakage

Django release notes: CVE-2018-6188: Information leakage in AuthenticationForm. A regression in Django 1.11.8 made AuthenticationForm run its confirm_login_allowed method even if an incorrect password is entered. This can leak information about a user, depending on what messages confirm_login_allowed...

CVSS 7.5, AI score 7.6, EPSS 0.04897
Exploits: 0, References: 2