vulnerability

Alpine Linux: CVE-2016-9013: Use of Hard-coded Credentials

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Dec 9, 2016

Added

Aug 30, 2017

Modified

Mar 25, 2026

Description

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.

Solutions

alpine-linux-upgrade-py-djangoalpine-linux-upgrade-py3-django

References

CVE-2016-9013
https://attackerkb.com/topics/CVE-2016-9013
https://security.alpinelinux.org/vuln/CVE-2016-9013
https://euvd.enisa.europa.eu/vulnerability/EUVD-2016-0006
CWE-798
EUVD-EUVD-2016-0006

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report