CVE-2019-19844

This PoC demonstrates an authentication bypass vulnerability in Django (CVE-2019-19844) by exploiting a Unicode case-folding issue in email validation. An attacker can reset the password of a legitimate user by providing a visually similar email address (e.g., using a Unicode character 'ı' instead of 'i').

This repository contains a functional proof-of-concept for CVE-2019-19844, a vulnerability in Django's password reset functionality that allows an attacker to bypass email validation by using visually similar Unicode characters (e.g., 'ı' instead of 'i'). The PoC demonstrates how an attacker can reset the password of a legitimate user by exploiting this flaw.

This repository contains a functional proof-of-concept for CVE-2019-19844, demonstrating an authentication bypass vulnerability in Django's password reset functionality. The exploit leverages Unicode character spoofing (e.g., 'mı[email protected]' vs '[email protected]') to bypass email validation and reset passwords for arbitrary accounts.

This repository contains a functional proof-of-concept for CVE-2019-19844, a vulnerability in Django's password reset functionality that allows for potential information disclosure or phishing via malformed Unicode characters in email addresses. The PoC demonstrates how a malformed email address (e.g., using a Unicode 'ı' instead of 'i') can bypass validation and potentially lead to security issues.

This repository provides a detailed technical analysis of CVE-2019-19844, a password bypass vulnerability in Django's password reset functionality. It explains the root cause, including case-insensitive email matching and incorrect email handling during password reset, and includes patch details.