The authentication framework (django.contrib.auth) in Django 1.4.x prior to 1.4.8, 1.5.x prior to 1.5.4, and 1.6.x prior to 1.6 beta 4 allows remote malicious users to cause a denial of service (CPU consumption) via a long password which is then hashed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
djangoproject django 1.4.5 |
||
djangoproject django 1.4.6 |
||
djangoproject django 1.4 |
||
djangoproject django 1.4.1 |
||
djangoproject django 1.4.2 |
||
djangoproject django 1.4.4 |
||
djangoproject django 1.4.7 |
||
djangoproject django 1.6 |
||
djangoproject django 1.5 |
||
djangoproject django 1.5.3 |
||
djangoproject django 1.5.1 |
||
djangoproject django 1.5.2 |