CVE-2016-2513 (retired)

Priority
Description
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and
1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing
attack involving login requests.
Assigned-to
mdeslaur
Package
Upstream:released (1.8.10,1.9.3)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.8.7-1ubuntu2)
More Information

Updated: 2019-09-19 15:57:35 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)