EPSS Percentile: 41.4%
django-two-factor-auth is vulnerable to information disclosure. The vulnerability exists because it stores the user's password in the user session as base64-encoded clear text.
github.com/advisories/GHSA-vhr6-pvjm-9qwf
github.com/Bouke/django-two-factor-auth/blob/master/CHANGELOG.md#112---2020-07-08
github.com/Bouke/django-two-factor-auth/commit/454fd9842fa6e8bb772dbf0943976bc8e3335359
github.com/Bouke/django-two-factor-auth/security/advisories/GHSA-vhr6-pvjm-9qwf