Lucene search
MitreCVELIST:CVE-2018-16984HistoryOct 02, 2018 - 6:00 p.m.
CVE-2018-16984
2018-10-0218:00:00
mitre
www.cve.org
1
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the “view” permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.
Related
osv
osv
Django allows unprivileged users to read the password hashes of arbitrary accounts
2018-10-03 20:07:39
PYSEC-2018-3
2018-10-02 18:29:00
CVE-2018-16984
2018-10-02 18:29:01
redhatcve
redhatcve
CVE-2018-16984
2018-10-15 16:19:07
cve
cve
CVE-2018-16984
2018-10-02 18:29:01
nvd
nvd
CVE-2018-16984
2018-10-02 18:29:01
veracode
veracode
Information Disclosure
2018-10-03 03:07:20
prion
prion
Default credentials
2018-10-02 18:29:00
freebsd
freebsd
Django -- password hash disclosure
2018-10-02 00:00:00
nessus
nessus
github
github
archlinux
archlinux
[ASA-201810-5] python-django: information disclosure
2018-10-01 00:00:00
ubuntucve
ubuntucve
CVE-2018-16984
2018-10-02 00:00:00
debiancve
debiancve
CVE-2018-16984
2018-10-02 18:29:01
altlinux
altlinux