CVE-2013-1443 — Improper Authentication in Django

CWE-287 — Improper Authentication CWE-400 — Uncontrolled Resource Consumption11 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

1.0%

top 22.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Djangoproject Django

Timeline

PublishedSep 23

Latest updateMay 17

Description

The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶PyPIdjangoproject/django1.4 — 1.4.8+1

▶NVDdjangoproject/django12 versions+11

Patches

Patch: www.djangoproject.com ↗Patch: www.djangoproject.com ↗

🔴Vulnerability Details

OSV

Django Denial of Service Vulnerability in the authentication framework↗2022-05-17

▶

GHSA

Django Denial of Service Vulnerability in the authentication framework↗2022-05-17

▶

OSV

CVE-2013-1443: The authentication framework (django↗2013-09-23

▶

CVEList

CVE-2013-1443: The authentication framework (django↗2013-09-23

▶

📋Vendor Advisories

Ubuntu

Django vulnerabilities↗2013-09-24

▶

Red Hat

python-django: DoS via large passwords↗2013-09-15

▶

Debian

CVE-2013-1443: python-django - The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8,...↗2013

▶

💬Community

Bugzilla

CVE-2013-1443 Django14: python-django: DoS via large passwords [epel-6]↗2013-09-16

▶

Bugzilla

CVE-2013-1443 python-django: DoS via large passwords↗2013-09-16

▶

Bugzilla

CVE-2013-1443 python-django: DoS via large passwords [fedora-all]↗2013-09-16

▶