web2py prior to 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote malicious user to perform brute-force attacks.
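The ordering flaw described above, shown as an added sketch that is not web2py's own code. `LoginGate`, `MAX_FAILURES`, the result strings and the host address are hypothetical names and values constructed for illustration; the sketch contrasts verifying the password before the deny check with the corrected order.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumed lockout threshold for this sketch

class LoginGate:
    """Toy login gate with a per-host failure counter (hypothetical)."""

    def __init__(self, password):
        self._salt = os.urandom(16)
        self._hash = self._derive(password)
        self.failures = {}  # host -> failed attempts since last success

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def _password_ok(self, password):
        return hmac.compare_digest(self._derive(password), self._hash)

    def _denied(self, host):
        return self.failures.get(host, 0) >= MAX_FAILURES

    def login_flawed(self, host, password):
        # Flawed order: password checked first, so a denied host still gets in.
        if self._password_ok(password):
            self.failures.pop(host, None)
            return "ok"
        self.failures[host] = self.failures.get(host, 0) + 1
        return "denied" if self._denied(host) else "bad-password"

    def login_fixed(self, host, password):
        # Fixed order: a denied host is rejected before the password is read.
        if self._denied(host):
            return "denied"
        if self._password_ok(password):
            self.failures.pop(host, None)
            return "ok"
        self.failures[host] = self.failures.get(host, 0) + 1
        return "bad-password"

def replay(login, guesses, host="203.0.113.7"):  # documentation-range address
    result = None
    for count, guess in enumerate(guesses, 1):
        result = login(host, guess)
        if result == "ok":
            return count, result
    return len(guesses), result
```

With the flawed order the lockout never takes effect for a correct password, so the failure counter limits nothing; with the fixed order the same sequence ends in `denied` even when the last password is right.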
Debian Bug report logs - #860038
web2py: CVE-2016-10321
Package: src:web2py;
Maintainer for src:web2py is José L Redrejo Rodríguez <jredrejo@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 10 Apr 2017 15:15:02 UTC
Severity: important
Tags: patch, security, upstream
Found in version w ...