django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-02-05T03:00:00

Updated: 2024-08-05T05:54:53.251Z

Reserved: 2018-01-24T00:00:00

Link: CVE-2018-6188

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-02-05T03:29:00.267

Modified: 2024-11-21T04:10:15.193

Link: CVE-2018-6188

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-02-05T13:23:00Z

Links: CVE-2018-6188 - Bugzilla