Ubuntu Security Notice USN-6722-1

Ubuntu Security Notice 6722-1 - Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-6722-1
April 08, 2024

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Django accounts could be hijacked through password reset requests.

Software Description:
- python-django: High-level Python web development framework

Details:

Simon Charette discovered that the password reset functionality in
Django used a Unicode case insensitive query to retrieve accounts
associated with an email address. An attacker could possibly use this
to obtain password reset tokens and hijack accounts.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
   python-django                   1.6.11-0ubuntu1.3+esm7

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6722-1
   CVE-2019-19844
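The matching flaw described under Details, modelled beside a hardened check, as an added example (not Django's code and not the Ubuntu patch). All function names are hypothetical, `loose_ci_match` is an assumed stand-in for the database's case-insensitive lookup, and the addresses are constructed sample data.

```python
import unicodedata

# Constructed sample data: one stored account and a submitted address whose
# second letter is U+0131 (dotless i), which upper-cases to a plain "I".
STORED = ["mike@example.com"]
LOOKALIKE = "m\u0131ke@example.com"


def loose_ci_match(a: str, b: str) -> bool:
    """Assumed stand-in for a Unicode case-insensitive database lookup:
    compares upper-cased forms, so distinct characters can collide."""
    return a.upper() == b.upper()


def strict_ci_match(a: str, b: str) -> bool:
    """Equal only after NFKC normalisation plus Unicode case folding."""
    def norm(s: str) -> str:
        return unicodedata.normalize("NFKC", s).casefold()
    return norm(a) == norm(b)


def reset_recipients_weak(submitted: str, stored_emails: list[str]) -> list[str]:
    """Weak model (assumption): any loose match triggers a reset, and the
    token is mailed to the address typed into the form."""
    return [submitted for s in stored_emails if loose_ci_match(submitted, s)]


def reset_recipients_hardened(submitted: str, stored_emails: list[str]) -> list[str]:
    """Re-check each loose match strictly and mail only the address on record."""
    return [s for s in stored_emails
            if loose_ci_match(submitted, s) and strict_ci_match(submitted, s)]


if __name__ == "__main__":
    for addr in (LOOKALIKE, "Mike@Example.COM"):
        print(repr(addr), reset_recipients_weak(addr, STORED),
              reset_recipients_hardened(addr, STORED))
```

The hardened variant applies two independent controls: it rejects addresses that only match under the loose comparison, and it never uses the submitted string as the delivery address.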
