Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Django_two\-Factor_authentication
(Django_two\-Factor_authentication_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 1 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-10 | CVE-2020-15105 | Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their... | Django_two\-Factor_authentication | N/A |