AIKIDO-2024-10436

django-allauth is vulnerable to Improper Restriction of Excessive Authentication Attempts

Severity: Medium

Package: django-allauth (python)

AIKIDO-2024-10436: django-allauth is vulnerable to Improper Restriction of Excessive Authentication Attempts in versions 0.63.0 - 65.1.0.

Improper Restriction of Excessive Authentication Attempts
Vulnerable in 0.63.0 - 65.1.0
Fixed in 65.2.0
No CVE available
TL;DR

Email verification by code does not limit the number of attempts: affected versions do not enforce 'settings.ACCOUNT_EMAIL_VERIFICATION_BY_CODE_MAX_ATTEMPTS', so an attacker can brute-force the verification code.
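The control that the advisory says is missing is an attempt counter capped by a max-attempts setting. The following is an added example written for this advisory, not django-allauth's own code: it models a per-verification attempt cap in the spirit of ACCOUNT_EMAIL_VERIFICATION_BY_CODE_MAX_ATTEMPTS, and shows that once the cap is reached the pending verification is burned so the correct code is no longer accepted. The names VerificationState, issue_code and verify_code, the MAX_ATTEMPTS value and the sample code "123456" are all constructed for the example.

```python
"""Enforcing a maximum number of email-verification-code attempts.

Added example, not django-allauth's own code. It models the control the
advisory says affected versions fail to enforce: a per-verification attempt
counter capped by a max-attempts setting. All names and values are
hypothetical.
"""
import hmac
import secrets
from dataclasses import dataclass

# Plays the role of settings.ACCOUNT_EMAIL_VERIFICATION_BY_CODE_MAX_ATTEMPTS.
# The value is an assumption for this example, not the library's default.
MAX_ATTEMPTS = 3
CODE_LENGTH = 6


@dataclass
class VerificationState:
    """Server-side state for one pending verification (would live in session or DB)."""
    email: str
    code: str
    attempts: int = 0
    exhausted: bool = False  # True once verified or once the cap is hit


def issue_code(email: str) -> VerificationState:
    """Generate a fresh numeric code; in production it is emailed to the user."""
    code = "".join(secrets.choice("0123456789") for _ in range(CODE_LENGTH))
    return VerificationState(email=email, code=code)


def verify_code(state: VerificationState, submitted: str,
                max_attempts: int = MAX_ATTEMPTS) -> str:
    """Check a submitted code while enforcing the attempt cap.

    Returns "verified", "invalid" or "exhausted". Every call counts as an
    attempt. When the cap is reached the pending verification is burned:
    even the correct code is rejected and the user must request a new one.
    Without this cap a 6-digit code falls to at most 10**6 guesses.
    """
    if state.exhausted:
        return "exhausted"
    state.attempts += 1
    # Constant-time comparison so response timing does not leak partial matches.
    if hmac.compare_digest(state.code.encode(), submitted.encode()):
        state.exhausted = True  # single-use code
        return "verified"
    if state.attempts >= max_attempts:
        state.exhausted = True
        return "exhausted"
    return "invalid"


def demo() -> list:
    """Three wrong guesses followed by the correct code (constructed scenario)."""
    state = VerificationState(email="user@example.com", code="123456")
    results = [verify_code(state, guess) for guess in ("000000", "000001", "000002")]
    results.append(verify_code(state, "123456"))  # rejected: cap already reached
    return results


if __name__ == "__main__":
    print(demo())
```

The last entry of demo() is "exhausted" rather than "verified": hitting the cap invalidates the pending code, which is what makes the limit meaningful against repeated guessing.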

Who does this affect?

You're affected if you are using a django-allauth version within the vulnerable range (0.63.0 - 65.1.0).

How can it be fixed?

Upgrade the django-allauth library to version 65.2.0 or later.
