Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Django Observable Timing Discrepancy Vulnerability - CVE-2024-39329 - Vulnerability Database
Django

Django Observable Timing Discrepancy Vulnerability - CVE-2024-39329

Medium
Reference: CVE-2024-39329
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-39329
Title: Django Observable Timing Discrepancy Vulnerability
Overview:

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.