5 matches found
The vulnerability of the django.contrib.auth.backends.ModelBackend.authenticate() method in the Django web application framework allows a hacker to gain unauthorized access to protected information.
The vulnerability of the django.contrib.auth.backends.ModelBackend.authenticate method in the Django web application framework is related to insufficient protection of sensitive data due to timing discrepancies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...
OESA-2024-2036 python-django security update
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with ...
CVE-2024-39329
A vulnerability was found in Python-Django in the django.contrib.auth.backends.ModelBackend.authenticate method. This flaw allows remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords. Mitigation Mitigation for this issue is either not...
CVE-2024-39329
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...
Django -- information leakage
Django release notes: CVE-2018-6188: Information leakage in AuthenticationForm A regression in Django 1.11.8 made AuthenticationForm run its confirmloginallowed method even if an incorrect password is entered. This can leak information about a user, depending on what messages confirmloginallowed...