Security Advisory

CVE-2024-39329

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-10 00:00:00

Last updated 2025-11-04 16:12:25

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.

← Browse all CVEs View on cve.org ↗