FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
004d8c23-c710-11e8-98c7-000c29434208	Django -- password hash disclosure Django release notes: CVE-2018-16984: Password hash disclosure to "view only" admin users If an admin user has the change permission to the user model, only part of the password hash is displayed in the change form. Admin users with the view (but not change) permission to the user model were displayed the entire hash. While it's typically infeasible to reverse a strong password hash, if your site uses weaker password hashing algorithms such as MD5 or SHA1, it could be a problem. Discovery 2018-10-02 Entry 2018-10-03 py34-django21 py35-django21 py36-django21 py37-django21 < 2.1.2 https://docs.djangoproject.com/en/2.1/releases/2.1.2/ CVE-2018-16984

VuXML ID

Description

004d8c23-c710-11e8-98c7-000c29434208

Django -- password hash disclosure

Django release notes:

CVE-2018-16984: Password hash disclosure to "view only" admin users

If an admin user has the change permission to the user model, only part of the password hash is displayed in the change form. Admin users with the view (but not change) permission to the user model were displayed the entire hash. While it's typically infeasible to reverse a strong password hash, if your site uses weaker password hashing algorithms such as MD5 or SHA1, it could be a problem.

Discovery 2018-10-02
Entry 2018-10-03
py34-django21
py35-django21
py36-django21
py37-django21

< 2.1.2

https://docs.djangoproject.com/en/2.1/releases/2.1.2/
CVE-2018-16984