Homepage

django-mfa2@1.0 vulnerabilities

Allows user to add 2FA to their accounts

  • latest version

    3.1.0

  • latest non vulnerable version

    3.1.0

  • first published

    6 years ago

  • latest version published

    15 days ago

  • licenses detected

  • View django-mfa2 package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the django-mfa2 package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Replay Attack

    django-mfa2 is an Allows user to add 2FA to their accounts

    Affected versions of this package are vulnerable to Replay Attack by allowing an attacker to register another device for a user, when the device registration challenge not being invalidated after usage.

    How to fix Replay Attack?

    Upgrade django-mfa2 to version 2.5.2, 2.6.1 or higher.

    [,2.5.2)[2.6.0,2.6.1)
    Go back to all versions of this package