PT-2020-9123 · Unknown · Django-Nopassword

Published

2020-03-18

Updated

2021-07-21

CVE-2019-10682

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions django-nopassword versions prior to 5.0.0

Description The issue concerns the storage of cleartext secrets in the database. This affects django-nopassword, where secrets are stored in an unencrypted manner, potentially exposing sensitive information.

Recommendations For versions prior to 5.0.0, update to version 5.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the database to minimize the risk of exploitation.

Fix

Cleartext Storage of Sensitive Information

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312CWE-522

Related Identifiers

CVE-2019-10682

GHSA-37CF-R3W2-GJFW

PYSEC-2020-229

Affected Products

Django-Nopassword

PT-2020-9123 · Unknown · Django-Nopassword

CVE-2019-10682

Weakness Enumeration

Related Identifiers

Affected Products

References · 12