Lucene search
Veracode Vulnerability DatabaseVERACODE:5784HistoryFeb 02, 2018 - 5:13 a.m.
Information Leakage
2018-02-0205:13:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.002 Low
EPSS
Percentile
57.7%
Django is vulnerable to information leakage. Django will run the confirm_login_allowed() method even if the password is incorrect. From this method, attackers can gleam some information depending on the errors that arise. For example, if the standard confirm_login_allowed() is used, an attacker can enter any username and see if the value of is_active.
Related
nessus
nessus
Fedora 27 : python-django (2018-2c612c6d92)
2018-02-15 00:00:00
RHEL 8 : django (Unpatched Vulnerability)
2024-06-03 00:00:00
osv
osv
Django Information leakage in AuthenticationForm
2018-10-03 21:13:54
PYSEC-2018-4
2018-02-05 03:29:00
CVE-2018-6188
2018-02-05 03:29:00
fedora
fedora
[SECURITY] Fedora 27 Update: python-django-1.11.10-1.fc27
2018-02-14 17:33:50
redhatcve
redhatcve
CVE-2018-6188
2018-02-05 13:49:45
cvelist
cvelist
CVE-2018-6188
2018-02-05 03:00:00
ubuntucve
ubuntucve
CVE-2018-6188
2018-02-04 00:00:00
cve
cve
CVE-2018-6188
2018-02-05 03:29:00
prion
prion
Input validation
2018-02-05 03:29:00
openvas
openvas
Fedora Update for python-django FEDORA-2018-2c612c6d92
2018-02-15 00:00:00
Ubuntu: Security Advisory (USN-3559-1)
2018-10-26 00:00:00
alpinelinux
alpinelinux
CVE-2018-6188
2018-02-05 03:29:00
github
github
Django Information leakage in AuthenticationForm
2018-10-03 21:13:54
freebsd
freebsd
Django -- information leakage
2018-02-01 00:00:00
nvd
nvd
CVE-2018-6188
2018-02-05 03:29:00
debiancve
debiancve
CVE-2018-6188
2018-02-05 03:29:00
ubuntu
ubuntu
Django vulnerabilities
2018-02-07 00:00:00
altlinux
altlinux
redhat
redhat