
20 matches found

CVE
added 2025/05/13 3:34 p.m., 44 views

CVE-2025-47276

Actualizer (a Debian OS creator) is affected by CVE-2025-47276 in versions before 1.2.0, due to using OpenSSL’s -passwd which hashes with SHA-512. The vulnerability pertains to password hashing quality for root and Alpha accounts across full OS deployments. Remediation is to upgrade to Actualizer...

CVSS 7.5 | AI score 7.7 | EPSS 0.00243
Exploits: 0 | References: 7

SUSE CVE
added 2023/02/15 5:5 a.m., 2 views

SUSE CVE-2016-2513

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests...

CVSS 3.1 | AI score 7 | EPSS 0.03317
Exploits: 0 | References: 3

GitHub Security Blog
added 2022/05/17 1:9 a.m., 73 views

Django User Enumeration Vulnerability

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests...

CVSS 3.1 | AI score 7 | EPSS 0.03317
Exploits: 0 | References: 18 | Affected Software: 1

OSV
added 2022/05/17 1:9 a.m., 1 views

GHSA-FP6P-5XVW-M74F Django User Enumeration Vulnerability

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests...

CVSS 3.1 | AI score 6.8 | EPSS 0.03317
Exploits: 0 | References: 18

NVD
added 2016/04/08 3:59 p.m., 17 views

CVE-2016-2513

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests...

CVSS 3.1 | AI score 5.4 | EPSS 0.03317
Exploits: 0 | References: 13

OSV
added 2016/04/08 3:59 p.m., 1 views

DEBIAN-CVE-2016-2513

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests...

CVSS 3.1 | AI score 7 | EPSS 0.03317
Exploits: 0 | References: 1

OSV
added 2016/04/08 3:59 p.m., 4 views

PYSEC-2016-16

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests...

CVSS 3.1 | AI score 7.3 | EPSS 0.03317
Exploits: 0 | References: 14

PyPA
added 2016/04/08 3:59 p.m., 8 views

PYSEC-2016-16

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests...

CVSS 3.1 | AI score 7 | EPSS 0.03317
Exploits: 0 | References: 14 | Affected Software: 1

Debian CVE
added 2016/04/08 3:0 p.m., 21 views

CVE-2016-2513

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests...

CVSS 3.1 | AI score 5.8 | EPSS 0.03317
Exploits: 0

Tenable Nessus
added 2016/04/08 12:0 a.m., 37 views

Debian DSA-3544-1 : python-django - security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2512 Mark Striemer discovered that some user-supplied redirect URLs containing basic authentication...

CVSS 7.4 | AI score 6 | EPSS 0.04035
Exploits: 0 | References: 8

OpenVAS
added 2016/04/07 12:0 a.m., 35 views

Debian Security Advisory DSA 3544-1 (python-django - security update)

Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2512 Mark Striemer discovered that some user-supplied redirect URLs containing basic authentication...

CVSS 4.3 | AI score 6.4 | EPSS 0.04035
Exploits: 0 | References: 1

OSV
added 2016/04/07 12:0 a.m., 42 views

DSA-3544-1 python-django - security update

Bulletin has no description...

CVSS 7.4 | AI score 5.5 | EPSS 0.04035
Exploits: 0

RedHat Linux
added 2016/03/24 1:10 a.m., 3 views

python-django: User enumeration through timing difference on password hasher work factor upgrade

A timing attack flaw was found in the way Django's PBKDF2PasswordHasher performed password hashing. Passwords hashed with an older version of PBKDF2PasswordHasher used fewer hashing iterations, and thus allowed an attacker to enumerate existing users based on the time differences in the login...

CVSS 3.1 | AI score 5.7 | EPSS 0.03317
Exploits: 0 | References: 5

RedHat Linux
added 2016/03/24 1:9 a.m., 3 views

python-django: User enumeration through timing difference on password hasher work factor upgrade

A timing attack flaw was found in the way Django's PBKDF2PasswordHasher performed password hashing. Passwords hashed with an older version of PBKDF2PasswordHasher used fewer hashing iterations, and thus allowed an attacker to enumerate existing users based on the time differences in the login...

CVSS 3.1 | AI score 5.7 | EPSS 0.03317
Exploits: 0 | References: 5

Tenable Nessus
added 2016/03/08 12:0 a.m., 30 views

FreeBSD : django -- multiple vulnerabilities (f9e6c0d1-e4cc-11e5-b2bd-002590263bf5)

Tim Graham reports: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth. User enumeration through timing difference on password hasher work factor upgrade...

CVSS 7.4 | AI score 6.2 | EPSS 0.04035
Exploits: 0 | References: 4

UbuntuCve
added 2016/03/01 5:0 p.m., 23 views

CVE-2016-2513

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests...

CVSS 3.1 | AI score 6.8 | EPSS 0.03317
Exploits: 0 | References: 3

OSV
added 2016/03/01 5:0 p.m., 3 views

UBUNTU-CVE-2016-2513

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests...

CVSS 3.1 | AI score 6.7 | EPSS 0.03317
Exploits: 0 | References: 4

FreeBSD
added 2016/03/01 12:0 a.m., 27 views

django -- multiple vulnerabilities

Tim Graham reports: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth. User enumeration through timing difference on password hasher work factor upgrade...

AI score 1.3
Exploits: 0 | References: 1

Kitploit
added 2014/08/11 11:53 p.m., 19 views

PWGen - Generator of cryptographically-strong passwords

PWGen is a professional password generator capable of creating large amounts of cryptographically-secure passwords or passphrases consisting of words from a word list. It uses a “random pool” technique to generate random data based on user inputs keystrokes, mouse handling and volatile system...

AI score 7.4
Exploits: 0

ThreatPost
added 2013/09/17 1:40 p.m., 31 views

Patches for Django Framework Fix DoS Vuln

Developers behind the Web framework Django have pushed out a new build that fixes a handful of security issues, including a denial of service vulnerability in the framework’s password hasher. Django 1.4.8, Django 1.5.4, and Django 1.6 beta 4 were released over the weekend and users are urged to...

CVSS 5 | AI score 1.1 | EPSS 0.02661
Exploits: 1 | References: 3