Description

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.

Remediation

References

CVE-2016-2513

Related Vulnerabilities

Oracle Database Server CVE-2008-2613 Vulnerability (CVE-2008-2613)

PHP NULL Pointer Dereference Vulnerability (CVE-2016-6292)

WordPress Plugin Display Posts Shortcode Unspecified Vulnerability (1.9)

MySQL CVE-2023-22059 Vulnerability (CVE-2023-22059)

Oracle HTTP Server CVE-2022-21593 Vulnerability (CVE-2022-21593)

Severity

Low

Classification

CVE-2016-2513 CWE-200 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities