Vulnerability DatabaseCVE-2016-2513
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2016-2513
April 08, 2016
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
Affected Packages
Django (PYTHON):
Affected version(s)
Fix Suggestion:
Update to version 1.8.10
Django (PYTHON):
Affected version(s)
Fix Suggestion:
Update to version 1.9.3
Related Resources (21)
http://www.ubuntu.com/usn/USN-2915-3
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-16.yaml
http://rhn.redhat.com/errata/RHSA-2016-0506.html
http://www.debian.org/security/2016/dsa-3544
http://www.securityfocus.com/bid/83878
http://www.ubuntu.com/usn/USN-2915-1
https://nvd.nist.gov/vuln/detail/CVE-2016-2513
https://www.djangoproject.com/weblog/2016/mar/01/security-releases
https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
https://github.com/django/django/commit/af7d09b0c5c6ab68e629fd9baf736f9dd203b18e
https://github.com/django/django/commit/f4e6e02f7713a6924d16540be279909ff4091eb6
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://rhn.redhat.com/errata/RHSA-2016-0505.html
https://github.com/django/django
https://web.archive.org/web/20200228001222/http://www.securityfocus.com/bid/83878
https://github.com/django/django/commit/67b46ba7016da2d259c1ecc7d666d11f5e1cfaab
https://web.archive.org/web/20160322001143/http://www.securitytracker.com/id/1035152
http://rhn.redhat.com/errata/RHSA-2016-0502.html
http://www.ubuntu.com/usn/USN-2915-2
http://rhn.redhat.com/errata/RHSA-2016-0504.html
http://www.securitytracker.com/id/1035152
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
CVSS v2
Base Score:
2.6
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200
EPSS
Base Score:
1.25