Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Authentication Bypass vulnerabilities in an interactive lesson.
Start learningUpgrade djoser
to version 2.3.0 or higher.
djoser is a REST implementation of Django authentication system.
Affected versions of this package are vulnerable to Authentication Bypass when the authenticate()
function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.