USN-6722-1: Django vulnerability

Ubuntu Security Advisory

Simon Charette discovered that the password reset functionality in
Django used a Unicode case-insensitive query to retrieve accounts
associated with an email address. An attacker could possibly use this
to obtain password reset tokens and hijack accounts.
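
The following is an added example, not code from the advisory or from Django. It shows how a case-insensitive match can return an account for an address that is not identical to the stored one, and a lookup that re-checks the match and mails only the stored address. The account table, the function names and the modelling of the query as an upper-case comparison are assumptions.

```python
import unicodedata

# Constructed sample account table (not from the advisory).
ACCOUNTS = [{"id": 1, "email": "mike@example.org"}]


def db_iexact(value):
    """Model a Unicode case-insensitive query as UPPER(col) = UPPER(value)."""
    return [a for a in ACCOUNTS if a["email"].upper() == value.upper()]


def same_identifier(a, b):
    """Compare after NFKC normalization and case folding, not upper-casing."""
    return (unicodedata.normalize("NFKC", a).casefold()
            == unicodedata.normalize("NFKC", b).casefold())


def reset_recipients_weak(submitted):
    """Weak: trust the query result and mail the address that was submitted."""
    return [submitted for _ in db_iexact(submitted)]


def reset_recipients_hardened(submitted):
    """Hardened: re-check each candidate, mail only the stored address."""
    return [a["email"] for a in db_iexact(submitted)
            if same_identifier(a["email"], submitted)]


# Constructed input: U+0131 (dotless i) upper-cases to ASCII "I",
# so the modelled query treats it as equal to the stored address.
LOOKALIKE = "m\u0131ke@example.org"

if __name__ == "__main__":
    print("weak     ->", reset_recipients_weak(LOOKALIKE))
    print("hardened ->", reset_recipients_hardened(LOOKALIKE))
    print("hardened ->", reset_recipients_hardened("Mike@Example.org"))
```

The hardened lookup still serves ordinary case differences, because the reset mail always goes to the address on record rather than to the submitted string.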

