Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2018-6188 - Vulnerability Database
Django

Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2018-6188

High
Reference: CVE-2018-6188
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-6188
Title: Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2 and 1.11.8 and 1.11.9 allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method as demonstrated by discovering whether a user account is inactive.