django-nopassword before 5.0.0 stores cleartext secrets in the database.
References
Link | Resource |
---|---|
https://github.com/relekang/django-nopassword/blob/8e8cfc765ee00adfed120c2c79bf71ef856e9022/nopassword/models.py#L14 | Third Party Advisory |
https://github.com/relekang/django-nopassword/commit/d8b4615f5fbfe3997d96cf4cb3e342406396193c | Patch Third Party Advisory |
https://github.com/relekang/django-nopassword/compare/v4.0.1...v5.0.0 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-03-18 15:15
Updated : 2024-02-28 17:47
NVD link : CVE-2019-10682
Mitre link : CVE-2019-10682
CVE.ORG link : CVE-2019-10682
JSON object : View
Products Affected
django-nopassword_project
- django-nopassword
CWE
CWE-312
Cleartext Storage of Sensitive Information