CVE-2007-0405 Information

Description

The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.

Reference

http://code.djangoproject.com/changeset/3754
http://secunia.com/advisories/23826
http://www.securityfocus.com/bid/22138
https://exchange.xforce.ibmcloud.com/vulnerabilities/31628
