Lucene search
Redhat.comRH:CVE-2018-16984HistoryOct 15, 2018 - 4:19 p.m.
CVE-2018-16984
2018-10-1516:19:07
redhat.com
access.redhat.com
15
EPSS
0.001
Percentile
40.5%
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the “view” permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.
Related
osv
osv
Django allows unprivileged users to read the password hashes of arbitrary accounts
2018-10-03 20:07:39
CVE-2018-16984
2018-10-02 18:29:01
PYSEC-2018-3
2018-10-02 18:29:00
nvd
nvd
CVE-2018-16984
2018-10-02 18:29:01
cve
cve
CVE-2018-16984
2018-10-02 18:29:01
prion
prion
Default credentials
2018-10-02 18:29:00
veracode
veracode
Information Disclosure
2018-10-03 03:07:20
cvelist
cvelist
CVE-2018-16984
2018-10-02 18:00:00
ubuntucve
ubuntucve
CVE-2018-16984
2018-10-02 00:00:00
archlinux
archlinux
[ASA-201810-5] python-django: information disclosure
2018-10-01 00:00:00
debiancve
debiancve
CVE-2018-16984
2018-10-02 18:29:01
freebsd
freebsd
Django -- password hash disclosure
2018-10-02 00:00:00
github
github
nessus
nessus
altlinux
altlinux