CVSS3: 9.8 Critical
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS2: 5.0 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N
Django's password reset mechanism is insecure. The password reset form looks up accounts with a case-insensitive query on the email address and then sends the reset email to the address submitted in the form rather than to the address on record. A remote, unauthenticated attacker can submit an address that differs from an existing user's email only by a Unicode case transformation (characters that become equal after upper- or lower-casing, such as a dotless i in place of an ASCII i): the query matches the victim's account and the application sends that user's password reset token to the attacker-controlled address, allowing an account takeover.
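The matching failure described above, as an added example that is not part of this advisory or of Django's code base: Python's str.upper() applies the same full Unicode case mapping a database-side UPPER() does, so an address containing a dotless i (U+0131) collides with the real one. The user table, the db_iexact_match stand-in for the case-insensitive database query and the unicode_ci_compare re-check are all constructed for the demonstration; the re-check reproduces, from memory rather than by copying, the NFKC-then-casefold comparison Django's security release introduced, and the "hardened" function also mails to the stored address instead of the submitted one, which is the other half of the fix.

```python
import unicodedata

# Constructed sample user table for the demo; not real accounts.
USERS = [
    {"email": "mike@example.org", "is_active": True},
    {"email": "alice@example.org", "is_active": True},
    {"email": "bob@example.org", "is_active": False},
]


def db_iexact_match(stored: str, supplied: str) -> bool:
    """Stand-in for a database case-insensitive equality such as
    UPPER(email) = UPPER(%s). str.upper() applies full Unicode case
    mapping, so characters that are distinct in lower case can collide
    after upper-casing: 'ı' (U+0131, dotless i) upper-cases to 'I'."""
    return stored.upper() == supplied.upper()


def unicode_ci_compare(s1: str, s2: str) -> bool:
    """NFKC-normalise, then casefold, then compare. This is the kind of
    Python-side re-check Django added in its fix (rewritten here from
    memory as an illustration, not Django's code). casefold('ı') stays
    'ı' while casefold('i') is 'i', so the dotless-i collision that
    passes db_iexact_match does not survive this comparison."""
    return (unicodedata.normalize("NFKC", s1).casefold()
            == unicodedata.normalize("NFKC", s2).casefold())


def vulnerable_reset_recipients(supplied_email: str) -> list[str]:
    """Pre-fix behaviour: a case-insensitive lookup selects the account,
    and the reset token is mailed to the address the client SUBMITTED."""
    return [
        supplied_email
        for u in USERS
        if u["is_active"] and db_iexact_match(u["email"], supplied_email)
    ]


def hardened_reset_recipients(supplied_email: str) -> list[str]:
    """Post-fix behaviour: keep the database lookup, re-check the match
    with unicode_ci_compare, and mail the token to the address ON RECORD."""
    return [
        u["email"]
        for u in USERS
        if u["is_active"]
        and db_iexact_match(u["email"], supplied_email)
        and unicode_ci_compare(u["email"], supplied_email)
    ]


if __name__ == "__main__":
    # Attacker-controlled mailbox 'mıke@example.org' with a dotless i (constructed input).
    attacker = "m\u0131ke@example.org"
    print(db_iexact_match("mike@example.org", attacker))   # collides after upper-casing
    print(vulnerable_reset_recipients(attacker))           # token mailed to the attacker's address
    print(hardened_reset_recipients(attacker))             # no match, nothing sent
    print(hardened_reset_recipients("MIKE@example.org"))  # plain case variation still resolves
```

Running the script shows the vulnerable path returning the attacker's own address as the recipient for the victim's token, while the hardened path returns nothing for the dotless-i input and still resolves an ordinary upper-case variation of the real address to the stored email. The two independent defences matter: the Python-side re-check closes the case-folding mismatch between database and application, and mailing to the stored address means that even a lookup collision the re-check does not catch only ever delivers the token to the legitimate user.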
packetstormsecurity.com/files/155872/Django-Account-Hijack.html
docs.djangoproject.com/en/dev/releases/security/
groups.google.com/forum/#!topic/django-announce/3oaB2rVH3a0
seclists.org/bugtraq/2020/Jan/9
security.netapp.com/advisory/ntap-20200110-0003/
usn.ubuntu.com/4224-1/
www.debian.org/security/2020/dsa-4598
www.djangoproject.com/weblog/2019/dec/18/security-releases/