CVE-2016-1241: Tryton allows users to read the hashed password

CVSS Score: 5.3 (CVSS v3.0)

Basic Information

CVE ID: CVE-2016-1241
GHSA ID:
EPSS Score: 0.47328%
CWE:
Published: 5/17/2022
Updated: 11/22/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version
---|---|---|---
trytond | pip | >= 3.0.0, < 3.2.17 | 3.2.17
trytond | pip | >= 3.4.0, < 3.4.14 | 3.4.14
trytond | pip | >= 3.6.0, < 3.6.12 | 3.6.12
trytond | pip | >= 3.8.0, < 3.8.8 | 3.8.8
trytond | pip | >= 4.0.0, < 4.0.4 | 4.0.4
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The key evidence comes from the patched commit 30d2a6d which adds a read() method override in the User class that explicitly nullifies the 'password_hash' field in read operations. The accompanying test (test_read_password_hash in test_user.py) demonstrates that prior to this fix, the password_hash field was readable. The vulnerability stems from the absence of this sanitization logic in the original User.read() implementation, allowing exposure of password hashes to authenticated users.
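The pattern the fix relies on, shown as an added example rather than trytond's own code: a minimal stand-in for a Tryton-style model whose read() returns one dict per record, a pre-fix User class that inherits that read() unchanged, and a post-fix User class that overrides read() and blanks out password_hash before returning. The Model, UserBefore and UserAfter classes, the leaked_hashes() helper and the SAMPLE_USERS table are constructed for this illustration and are not the project's identifiers; the override mirrors the approach described above (nullifying the field in the read path) without reproducing the real commit.

```python
from typing import Dict, List, Optional

# Constructed sample table (not real data): id -> record. The hash strings are
# placeholders standing in for whatever the password-hashing backend stores.
SAMPLE_USERS: Dict[int, Dict[str, object]] = {
    1: {"id": 1, "login": "admin", "password_hash": "<hash-of-admin-password>"},
    2: {"id": 2, "login": "alice", "password_hash": "<hash-of-alice-password>"},
}


class Model:
    """Minimal stand-in (assumption, not trytond) for a model whose
    read(ids, fields_names) returns one dict per id with the requested fields,
    or every field when fields_names is None."""

    _table: Dict[int, Dict[str, object]] = {}

    @classmethod
    def read(cls, ids: List[int],
             fields_names: Optional[List[str]] = None) -> List[Dict[str, object]]:
        rows = []
        for id_ in ids:
            record = cls._table[id_]
            wanted = list(record.keys()) if fields_names is None else fields_names
            # Build a fresh dict so callers never hold a reference to the store.
            rows.append({name: record[name] for name in wanted})
        return rows


class UserBefore(Model):
    """Pre-fix behaviour: read() is the generic implementation, so any caller
    permitted to read the model receives password_hash verbatim."""
    _table = SAMPLE_USERS


class UserAfter(Model):
    """Post-fix pattern: override read() and set password_hash to None in the
    result, whether it was requested by name or via 'all fields' (None)."""
    _table = SAMPLE_USERS

    @classmethod
    def read(cls, ids, fields_names=None):
        rows = super().read(ids, fields_names)
        if fields_names is None or "password_hash" in fields_names:
            for row in rows:
                row["password_hash"] = None
        return rows


def leaked_hashes(model, ids, fields_names=None):
    """Return the non-empty password_hash values visible through model.read().
    An empty list means the read path does not expose stored hashes; this is
    the check the regression test described above effectively performs."""
    return [row["password_hash"] for row in model.read(ids, fields_names)
            if row.get("password_hash")]


if __name__ == "__main__":
    print("before fix:", leaked_hashes(UserBefore, [1, 2], ["login", "password_hash"]))
    print("after fix: ", leaked_hashes(UserAfter, [1, 2], ["login", "password_hash"]))
    print("after fix, all fields:", leaked_hashes(UserAfter, [1, 2]))
```

The override covers both the explicit request and the "all fields" case, because an ORM read with no field list would otherwise still carry the hash through. Sanitising in read() rather than relying on per-field access rules means every code path that ends in a read, including RPC calls from an authenticated low-privilege account, sees None for the field.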