Djangoproject » Django » 1.9.2 : Security Vulnerabilities, CVEs, Published In 2016 (Information Leak)
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
Max CVSS
3.1
EPSS Score
0.72%
Published
2016-04-08
Updated
2017-09-08
1 vulnerabilities found