How severe is CVE-2018-16984?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2018-16984?

This is classified as CWE-522, which is a common weakness in software security.

CVE-2018-16984

MEDIUM Year: 2018

CVSS v3 Score

4.9

Medium

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-522

View all →

Vulnerability Description

An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.

CVE-2018-9279

MEDIUM

CVSS:4.9(Medium)

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be re...

CWE-5222018

CVE-2018-9280

MEDIUM

CVSS:4.9(Medium)

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwo...

CWE-5222018

CVE-2019-13349

MEDIUM

CVSS:4.9(Medium)

In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes.

CWE-5222019

CVE-2019-13421

MEDIUM

CVSS:4.9(Medium)

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.

CWE-5222019