PT-2007-6792 · Django · Django
J. Carlos Nieto
·
Published
2007-11-05
·
Updated
2024-08-07
·
CVE-2007-5828
| CVSS v2.0 | 6.8 (Medium) |
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Django version 0.96
Description
The password-change view of the admin panel accepts a POST to "admin/auth/user/1/password/" (the numeric segment is the target user's id) without any anti-forgery token. Because the browser attaches the admin's session cookie to that request regardless of which site initiated it, a remote attacker who lures a logged-in administrator to a page that auto-submits such a form can set a new password for an arbitrary user. Debian disputes the issue because the Django documentation recommends enabling the CSRF protection module that ships with the framework; however, that module is not part of the default configuration, so a project built from the defaults is exposed.
Recommendations
For Django 0.96, enable the CSRF middleware shipped in django.contrib.csrf (add 'django.contrib.csrf.middleware.CsrfMiddleware' to MIDDLEWARE_CLASSES) so that every POST to the admin panel must carry a token bound to the user's session, which a cross-site page cannot obtain. Until that is deployed, restrict network access to the admin panel (for example, allow it only from trusted addresses at the web server or firewall) and keep admin sessions short to reduce the window for forged requests.
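The following is an added example that is not part of this advisory or of Django's own code. It models the attack and the defence in one runnable Python module: a stand-in for the admin password view, a dispatcher that only applies a session-bound token check when the middleware is "enabled", and the response rewriting that inserts the hidden token field into POST forms, in the spirit of what Django 0.96's CsrfMiddleware does. The request path is the one from the description; the user table, session id, field names (`password1`/`password2`) and the token derivation are constructed assumptions for the illustration.

```python
import hashlib
import hmac
import re

SECRET_KEY = "constructed-secret-key"          # stand-in for settings.SECRET_KEY (assumption)
USERS = {1: {"username": "admin", "password": "old-password"}}  # constructed user table


def csrf_token(session_id: str) -> str:
    """Token bound to the secret and the session id.

    The value lands only in pages served to the logged-in user, so a page on an
    attacker's origin cannot read or guess it (simplified derivation, not Django's).
    """
    return hmac.new(SECRET_KEY.encode(), session_id.encode(), hashlib.sha256).hexdigest()


def change_password_view(user_id: int, post: dict) -> str:
    """Hypothetical stand-in for the admin password-change view.

    It trusts the session cookie alone; that is exactly why it needs the middleware.
    """
    if post.get("password1") != post.get("password2"):
        return "400 passwords differ"
    USERS[user_id]["password"] = post["password1"]
    return "200 password changed"


_PATH_RE = re.compile(r"admin/auth/user/(\d+)/password/")


def dispatch(method: str, path: str, session_id: str, post: dict, csrf_enabled: bool) -> str:
    """Route one request; the CSRF check runs only when the middleware is enabled."""
    if method == "POST" and csrf_enabled:
        sent = post.get("csrfmiddlewaretoken")
        if sent is None or not hmac.compare_digest(sent, csrf_token(session_id)):
            return "403 CSRF check failed"
    m = _PATH_RE.fullmatch(path)
    if not m:
        return "404 not found"
    if method != "POST":
        return "200 form"
    return change_password_view(int(m.group(1)), post)


_FORM_RE = re.compile(r"(<form[^>]*method=[\"']?post[\"']?[^>]*>)", re.IGNORECASE)


def inject_tokens(html: str, session_id: str) -> str:
    """Response-side half of the middleware: add the hidden token field to every POST form."""
    field = '<input type="hidden" name="csrfmiddlewaretoken" value="%s" />' % csrf_token(session_id)
    return _FORM_RE.sub(r"\1" + field, html)


def forged_request_accepted(csrf_enabled: bool) -> bool:
    """Cross-site auto-submitting form: the browser supplies the victim's session cookie,
    but the attacker's page cannot supply the session-bound token."""
    post = {"password1": "attacker-chosen", "password2": "attacker-chosen"}
    result = dispatch("POST", "admin/auth/user/1/password/", "victim-session", post, csrf_enabled)
    return result.startswith("200")


def legitimate_request_accepted(csrf_enabled: bool) -> bool:
    """The admin's own browser: it got the form page with the token injected, and posts it back."""
    page = inject_tokens('<form method="post" action="admin/auth/user/1/password/"></form>',
                         "victim-session")
    token = re.search(r'name="csrfmiddlewaretoken" value="([0-9a-f]+)"', page).group(1)
    post = {"password1": "new-password", "password2": "new-password", "csrfmiddlewaretoken": token}
    result = dispatch("POST", "admin/auth/user/1/password/", "victim-session", post, csrf_enabled)
    return result.startswith("200")


if __name__ == "__main__":
    print("default config, forged POST accepted:", forged_request_accepted(False))
    print("middleware on, forged POST accepted: ", forged_request_accepted(True))
    print("middleware on, real form accepted:   ", legitimate_request_accepted(True))
```

With the check disabled the forged POST succeeds and the user's password becomes the attacker's choice; with it enabled the same request is refused with a 403 while the genuine form, whose hidden field was filled in by the response rewriting, still goes through. The real middleware additionally has to skip the check for non-HTML responses and for requests without a session, which this model omits.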
Fix
CSRF
Weakness Enumeration
CWE-352: Cross-Site Request Forgery (CSRF)
Related Identifiers
Affected Products
Django