26 matches found
Django has Observable Timing Discrepancy
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...
CVE-2025-13473
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...
EUVD-2018-7566
Malware in sbrugna...
EUVD-2021-7974
Malicious code in bioql PyPI...
EUVD-2023-0136
Malicious code in bioql PyPI...
CVE-2025-43751
User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10 and 7.4 GA through update 92...
Celk Sistemas Celk Saude Security Vulnerability
Celk Sistemas Celk Saude is a health sector management software from Celk Sistemas, Brazil. A security vulnerability exists in Celk Sistemas Celk Saude version 3.1.252.1, which stems from an error message discrepancy in the password recovery feature that could lead a remote attacker to enumerate...
CVE-2024-39329
A vulnerability was found in Python-Django in the django.contrib.auth.backends.ModelBackend.authenticate method. This flaw allows remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords. Mitigation: Mitigation for this issue is either not...
IBM i Code Issues Vulnerabilities
IBM i is a suite of operating systems from International Business Machines (IBM) running on IBM Power Systems and IBM PureSystems. A code issue vulnerability exists in IBM i versions 7.2, 7.3, 7.4, and 7.5, which stems from the vulnerability of Service Tools Server (SST) to SST user enumeration attac...
Fedora 39 : matrix-synapse (2023-957972e77c)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-957972e77c advisory. Update to 1.95.1 CVE-2023-43796 ---- Update to v1.95.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
DEBIAN-CVE-2023-43796
Synapse is an open-source Matrix homeserver. Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or...
CVE-2022-38755 Filr Remote unauthenticated user enumeration for versions prior to 4.3.1.1
A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prio...
PT-2022-21866 · Ca · Ca Automic Automation
Name of the Vulnerable Software and Affected Versions: CA Automic Automation versions 12.2 through 12.3 Description: The issue is related to insecure input handling in the Automic Agent, which could allow a remote attacker to potentially enumerate users. Recommendations: For CA Automic Automation...
CVE-2021-34580 Remote user enumeration in mymbCONNECT24, mbCONNECT24 <= 2.9.0
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts...
Design/Logic Flaw
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE...
Design/Logic Flaw
Avolve Software ProjectDox 8.1 allows remote attackers to enumerate users via vectors related to email addresses...
CVE-2016-6145
The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as "False," which allows remote attackers to enumerat...
PYSEC-2016-16
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests...
Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3335/info Versions of Apache webserver shipping with Red Hat Linux 7.0 and possibly other Apache distributions install with a default misconfiguration which could allow remote users to determine whether a given username...