CVE-2016-1241: Tryton allows users to read the hashed password
(updated )
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.
References
- bugs.tryton.org/issue5795
- github.com/advisories/GHSA-52j9-v3jc-9xgc
- github.com/pypa/advisory-database/tree/main/vulns/tryton/PYSEC-2016-40.yaml
- github.com/pypa/advisory-database/tree/main/vulns/trytond/PYSEC-2016-12.yaml
- github.com/tryton/trytond
- github.com/tryton/trytond/commit/11424d57b7838381745655e2e89470ff9087cd27
- github.com/tryton/trytond/commit/30d2a6dcaf09340829cd70ee8a15a4941ca7161a
- nvd.nist.gov/vuln/detail/CVE-2016-1241
Code Behaviors & Features
Detect and mitigate CVE-2016-1241 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →