PT-2016-5175 · Django Software Foundation+2 · Django+2

Sjoerd Job Postmus

Published

2016-03-01

Updated

2024-06-15

CVE-2016-2513

CVSS v3.1

3.1

Low

Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Django versions prior to 1.8.10 Django versions 1.9.x prior to 1.9.3

Description The issue allows remote attackers to enumerate users via a timing attack involving login requests. This is due to a problem in the password hasher.

Recommendations For Django versions prior to 1.8.10, update to version 1.8.10 or later. For Django versions 1.9.x prior to 1.9.3, update to version 1.9.3 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2016-2173

CVE-2016-2513

DSA-3544-1

GHSA-FP6P-5XVW-M74F

MGASA-2016-0096

OPENSUSE-SU-2024:10361-1

PYSEC-2016-16

RHSA-2016:0502

RHSA-2016:0503

RHSA-2016:0504

RHSA-2016:0505

RHSA-2016:0506

USN-2915-1

USN-2915-2

USN-2915-3

Affected Products

Alt Linux

Django

Ubuntu

PT-2016-5175 · Django Software Foundation+2 · Django+2

CVE-2016-2513

Weakness Enumeration

Related Identifiers

Affected Products

References · 44