Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-1443

The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed.

Related bugs and status

CVE-2013-1443 (Candidate) is related to these bugs:

Bug #1225784: CVE-2013-1443 denial-of-service via large passwords

		In	Importance	Status
1225784	CVE-2013-1443 denial-of-service via large passwords	python-django (Ubuntu)	Undecided	Fix Released
1225784	CVE-2013-1443 denial-of-service via large passwords	python-django (Ubuntu Precise)	Undecided	Fix Released
1225784	CVE-2013-1443 denial-of-service via large passwords	python-django (Ubuntu Quantal)	Undecided	Fix Released
1225784	CVE-2013-1443 denial-of-service via large passwords	python-django (Ubuntu Raring)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [django-developers] 20...
CONFIRM: https://www.djangoproj...
DEBIAN: DSA-2758
SUSE: openSUSE-SU-2013:1541
SUSE: openSUSE-SU-2013:1685