First published: Mon Apr 08 2024
Simon Charette discovered that the password reset functionality in Django used a Unicode case-insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.
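
Added example, not Django's code and not part of the original advisory: one way to harden the lookup described above is to re-check, in application code, every account the case-insensitive query returns, and to mail the token only to the address stored on the account. `loose_match` is an assumed stand-in for the database collation, and the function names and addresses are constructed for illustration.

```python
import unicodedata

# Constructed sample data: addresses as stored in a hypothetical user table.
STORED_EMAILS = ["mike@example.org", "Anna@Example.org"]


def loose_match(a: str, b: str) -> bool:
    """Stand-in (assumption) for a Unicode case-insensitive database lookup."""
    return a.upper() == b.upper()


def strict_match(a: str, b: str) -> bool:
    """Compare after NFKC normalization and full case folding."""
    def norm(s: str) -> str:
        return unicodedata.normalize("NFKC", s).casefold()
    return norm(a) == norm(b)


def reset_recipients(submitted: str, stored=STORED_EMAILS) -> list[str]:
    """Return the addresses a reset token may be mailed to.

    Candidates found by the loose lookup are re-checked in application code,
    and the result is always the stored address, never the submitted string.
    """
    candidates = [e for e in stored if loose_match(submitted, e)]
    return [e for e in candidates if strict_match(submitted, e)]


def lookalike_hits(submitted: str, stored=STORED_EMAILS) -> list[str]:
    """Stored addresses the loose lookup returns but the strict check rejects.

    A non-empty result is worth logging: the request matched an account only
    through Unicode case mapping, not through an ordinary case difference.
    """
    return [e for e in stored
            if loose_match(submitted, e) and not strict_match(submitted, e)]
```

Logging the output of `lookalike_hits` for each reset request gives a detection signal for requests that would have matched an account only under the looser comparison.
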
Affected Software | Affected Version | How to fix |
---|---|---|
All of | | |
ubuntu/python-django | <1.6.11-0ubuntu1.3+esm7 | 1.6.11-0ubuntu1.3+esm7 |
Ubuntu Ubuntu | =14.04 | |