VYPR
Low severity3.1NVD Advisory· Published Apr 8, 2016· Updated Jun 17, 2026

CVE-2016-2513

CVE-2016-2513

Description

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DjangoPyPI
< 1.8.101.8.10
DjangoPyPI
>= 1.9, < 1.9.31.9.3

Affected products

6

Patches

Vulnerability mechanics

References

21

News mentions

0

No linked articles in our index yet.