Candidate: CVE-2016-1241
PublicDate: 2016-09-07 19:28:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1241
Description:
 Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x
 before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to
 discover user password hashes via unspecified vectors.
Ubuntu-Description:
Notes:
 ebarretto> password_hash introduced in 3.2.x
Bugs:
 https://bugs.tryton.org/issue5795
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N [5.3 MEDIUM]

Patches_tryton-server:
 upstream: https://hg.tryton.org/trytond/rev/c997e99eaa65 (4.0)
 upstream: https://hg.tryton.org/trytond/rev/7db67ae5f917 (trunk, test)
upstream_tryton-server: released (4.0.4-1)
precise_tryton-server: ignored (reached end-of-life)
precise/esm_tryton-server: DNE (precise was needs-triage)
trusty_tryton-server: not-affected (code not present)
trusty/esm_tryton-server: DNE (trusty was not-affected [code not present])
vivid/stable-phone-overlay_tryton-server: DNE
vivid/ubuntu-core_tryton-server: DNE
xenial_tryton-server: ignored (end of standard support, was needed)
yakkety_tryton-server: ignored (reached end-of-life)
zesty_tryton-server: ignored (reached end-of-life)
artful_tryton-server: ignored (reached end-of-life)
bionic_tryton-server: not-affected (4.0.4-1)
cosmic_tryton-server: not-affected (4.0.4-1)
disco_tryton-server: not-affected (4.0.4-1)
eoan_tryton-server: not-affected (4.0.4-1)
focal_tryton-server: not-affected (4.0.4-1)
groovy_tryton-server: not-affected (4.0.4-1)
hirsute_tryton-server: not-affected (4.0.4-1)
impish_tryton-server: not-affected (4.0.4-1)
jammy_tryton-server: not-affected (4.0.4-1)
devel_tryton-server: not-affected (4.0.4-1)