Timing Attack Affecting django-basicauth package, versions [,0.4.2)
Snyk CVSS
- Attack Complexity: Low
- Snyk ID SNYK-PYTHON-DJANGOBASICAUTH-42041
- published 7 Dec 2017
- disclosed 3 Dec 2017
- credit Hugo Castilho
Overview
django-basicauth is a basic auth utility package for Django.
Affected versions of this package are vulnerable to timing attacks due to not validating passwords in constant time.
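The class of flaw described above, as an added illustration that is not taken from django-basicauth's code: the same Basic auth check written once with `==` and once with `hmac.compare_digest`. The `USERS` store and all function names are assumptions made for this example.

```python
import base64
import hashlib
import hmac

# Constructed sample store (hypothetical). Real deployments store password hashes.
USERS = {"alice": "s3cret-pässword"}


def basic_header(username, password):
    """Build an Authorization header value for the sample inputs."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(header):
    """Return (username, password), or None if the header is malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def check_naive(header):
    """Timing-dependent: == can return at the first differing character."""
    creds = parse_basic_header(header)
    if creds is None:
        return False
    username, password = creds
    return username in USERS and USERS[username] == password


def check_constant_time(header):
    """Same decision, compared with hmac.compare_digest."""
    creds = parse_basic_header(header)
    if creds is None:
        return False
    username, password = creds
    known = username in USERS
    # Unknown user: still run the comparison, against an empty placeholder.
    expected = USERS[username] if known else ""
    # Hash both sides: equal-length bytes; compare_digest rejects non-ASCII str.
    supplied_d = hashlib.sha256(password.encode("utf-8")).digest()
    expected_d = hashlib.sha256(expected.encode("utf-8")).digest()
    return hmac.compare_digest(supplied_d, expected_d) and known
```

In a Django project, `django.utils.crypto.constant_time_compare` serves the same purpose as `hmac.compare_digest` here.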