CVE-2016-2513

Priority
Description
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and
1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing
attack involving login requests.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (1.8.10,1.9.3)
Ubuntu 14.04 ESM (Trusty Tahr):released (1.6.1-2ubuntu0.12)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.8.7-1ubuntu2)
More Information

Updated: 2020-01-29 19:55:01 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)