Lucene search
GoogleOSV:PYSEC-2018-3HistoryOct 02, 2018 - 6:29 p.m.
PYSEC-2018-3
2018-10-0218:29:00
Google
osv.dev
9
0.002 Low
EPSS
Percentile
52.2%
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the “view” permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.
Related
osv
osv
Django allows unprivileged users to read the password hashes of arbitrary accounts
2018-10-03 20:07:39
CVE-2018-16984
2018-10-02 18:29:01
redhatcve
redhatcve
CVE-2018-16984
2018-10-15 16:19:07
cve
cve
CVE-2018-16984
2018-10-02 18:29:01
nvd
nvd
CVE-2018-16984
2018-10-02 18:29:01
freebsd
freebsd
Django -- password hash disclosure
2018-10-02 00:00:00
nessus
nessus
github
github
veracode
veracode
Information Disclosure
2018-10-03 03:07:20
prion
prion
Default credentials
2018-10-02 18:29:00
cvelist
cvelist
CVE-2018-16984
2018-10-02 18:00:00
archlinux
archlinux
[ASA-201810-5] python-django: information disclosure
2018-10-01 00:00:00
debiancve
debiancve
CVE-2018-16984
2018-10-02 18:29:01
ubuntucve
ubuntucve
CVE-2018-16984
2018-10-02 00:00:00
altlinux
altlinux