CVE-2016-9013 - log

CVE-2016-9013 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Authentication bypass
Description
+ When running tests with an Oracle database, Django creates a temporary database user. In older versions, if a password isn't manually specified in the database settings TEST dictionary, a hardcoded password is used. This could allow an attacker with network access to the database server to connect.
+
+ This user is usually dropped after the test suite completes, but not when using the manage.py test --keepdb option or if the user has an active session (such as an attacker's connection).
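A settings check for the condition described above, as an added example that is not part of the tracker entry or of Django itself: it flags Oracle database entries whose TEST dictionary sets no PASSWORD. The function name, the sample aliases and all sample values are constructed for illustration.

```python
"""Audit a Django DATABASES mapping for Oracle test users with no explicit password."""

ORACLE_ENGINE = "django.db.backends.oracle"  # Django's built-in Oracle backend


def audit_oracle_test_passwords(databases):
    """Return {alias: reason} for Oracle entries whose TEST dict sets no PASSWORD."""
    findings = {}
    for alias, cfg in databases.items():
        if cfg.get("ENGINE") != ORACLE_ENGINE:
            continue  # the issue described here concerns Oracle test runs only
        test_cfg = cfg.get("TEST")
        if not isinstance(test_cfg, dict):
            findings[alias] = "no TEST dictionary"
        elif not test_cfg.get("PASSWORD"):
            findings[alias] = "TEST['PASSWORD'] missing or empty"
    return findings


# Constructed sample settings (hypothetical aliases and values, not a real project).
SAMPLE_DATABASES = {
    "default": {
        "ENGINE": ORACLE_ENGINE,
        "NAME": "xe",
        "TEST": {"USER": "test_default", "PASSWORD": "constructed-long-random-value"},
    },
    "reporting": {
        "ENGINE": ORACLE_ENGINE,
        "NAME": "xe",
        "TEST": {"USER": "test_reporting"},  # password left to the framework
    },
    "legacy": {
        "ENGINE": ORACLE_ENGINE,
        "NAME": "xe",  # no TEST dictionary at all
    },
    "analytics": {
        "ENGINE": "django.db.backends.postgresql",
        "NAME": "analytics",  # not Oracle, so not in scope
    },
}

if __name__ == "__main__":
    for alias, reason in sorted(audit_oracle_test_passwords(SAMPLE_DATABASES).items()):
        print(f"{alias}: {reason}")
```
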
References
+ https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
Notes