django-nopassword@1.3.1 vulnerabilities

Authentication backend for django that uses a one time code instead of passwords

Direct Vulnerabilities

Known vulnerabilities in the django-nopassword package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Unprotected Storage of Credentials

django-nopassword is an authentication backend for django that uses a one time code instead of passwords

Affected versions of this package are vulnerable to Unprotected Storage of Credentials. It stores cleartext secrets in the database.

How to fix Unprotected Storage of Credentials?

Upgrade django-nopassword to version 5.0.0 or higher.

[,5.0.0)