12 matches found
EUVD-2019-0033
Malware in sbrugna...
CVE-2019-13177
verification.py in django-rest-registration aka Django REST Registration library before 0.5.0 relies on a static string for signatures i.e., the Django Signing API is misused, which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to...
Verification Process Spoofing
django-rest-registration is vulnerable to verification process spoofing. The misuse of django signing API and just relying on static string for signatures leads to easily guessable signatures used for email verification...
CVE-2019-13177
verification.py in django-rest-registration aka Django REST Registration library before 0.5.0 relies on a static string for signatures i.e., the Django Signing API is misused, which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to...
CVE-2019-13177
verification.py in django-rest-registration aka Django REST Registration library before 0.5.0 relies on a static string for signatures i.e., the Django Signing API is misused, which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to...
PYSEC-2019-20
verification.py in django-rest-registration aka Django REST Registration library before 0.5.0 relies on a static string for signatures i.e., the Django Signing API is misused, which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to...
PYSEC-2019-20
verification.py in django-rest-registration aka Django REST Registration library before 0.5.0 relies on a static string for signatures i.e., the Django Signing API is misused, which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to...
Design/Logic Flaw
verification.py in django-rest-registration aka Django REST Registration library before 0.5.0 relies on a static string for signatures i.e., the Django Signing API is misused, which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to...
PYSEC-2019-90
verification.py in django-rest-registration aka Django REST Registration library before 0.5.0 relies on a static string for signatures i.e., the Django Signing API is misused, which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to...
CVE-2019-13177
The CVE is supported by concrete details in connected sources: django-rest-registration before 0.5.0 misuses the Django Signer API by passing the salt as the secret key, resulting in static, easily guessable verification signatures. This allows remote attackers to spoof the verification process v...
GHSA-P3W6-JCG4-52XH Improper Verification of Cryptographic Signature in django-rest-registration
Misusing the Django Signer API leads to predictable signatures used in verification emails Impact The vulnerability is a high severity one. Anyone using Django REST Registration library versions 0.2. - 0.4. with e-mail verification option which is recommended, but needs additional configuration i...
Improper Verification of Cryptographic Signature in django-rest-registration
Misusing the Django Signer API leads to predictable signatures used in verification emails Impact The vulnerability is a high severity one. Anyone using Django REST Registration library versions 0.2. - 0.4. with e-mail verification option which is recommended, but needs additional configuration i...