Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Ubuntu 14.04 LTS USN-6722-1 Moderate: Django Account Hijack Risk

ubuntu
Calendar Grey April 8, 2024
Dist Ubuntu Esm H88
As cybersecurity threats evolve, Django developers must be vigilant about password reset vulnerabilities related to Ubuntu updates, ensuring secure token usage.
Django accounts could be hijacked through password reset requests.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS (Available with Ubuntu Pro) Summary: Django accounts could be hijacked through password reset requests. Software Description: - python-django: High-level Python web development framework Details: Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.

Topics%20covered

Topics Covered

security advisory moderate Ubuntu vulnerability password reset account hijack Django

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS (Available with Ubuntu Pro): python-django 1.6.11-0ubuntu1.3+esm7 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6722-1

CVE-2019-19844

Ubuntu Security Notice USN-6722-1

Topics%20covered

Topics Covered

security advisory moderate Ubuntu vulnerability password reset account hijack Django

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here