Djoser · Djoser · CVE-2024-21543
**Name of the Vulnerable Software and Affected Versions**
djoser versions prior to 2.3.0
**Description**
The issue allows for authentication bypass: when Django's `authenticate()` function returns no user, djoser falls back to querying the user table directly and checking the password itself. Any account with a valid password is therefore granted access, bypassing the checks that custom authentication backends enforce, including two-factor authentication, LDAP validation, or any other requirement imposed by the configured `AUTHENTICATION_BACKENDS`.
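A constructed illustration of the fallback pattern described above, written for this advisory and not taken from djoser: `backend_authenticate` stands in for a custom `AUTHENTICATION_BACKENDS` entry that also requires a one-time code, `login_vulnerable` reproduces the direct-lookup fallback, and `login_fixed` lets the backend's decision stand. The user store, password hashing and OTP value are all made up for the example.

```python
# Constructed illustration of the CVE-2024-21543 pattern (not djoser's code):
# a login validator that falls back to a direct user lookup when the
# configured authentication backend returns None, beside the hardened form.
import hashlib
import hmac


def _hash(password):
    # Constructed stand-in for Django's password hasher.
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed stand-in for the user table.
USERS = {
    "alice": {"password_hash": _hash("correct horse"), "is_active": True},
}


def check_password(username, password):
    user = USERS.get(username)
    return bool(user) and hmac.compare_digest(user["password_hash"], _hash(password))


def backend_authenticate(username, password, otp):
    """Stand-in for a custom backend that needs a valid password AND a
    second factor; returns the user record or None, like authenticate()."""
    if not check_password(username, password):
        return None
    if otp != "123456":  # constructed OTP check
        return None
    return USERS[username]


def login_vulnerable(username, password, otp=None):
    """Mirrors the pre-2.3.0 behaviour: when the backend returns None, fall
    back to a direct lookup plus password check, so the backend's extra
    requirement (here the OTP) is never enforced."""
    user = backend_authenticate(username, password, otp)
    if not user:
        user = USERS.get(username)
        if user and not check_password(username, password):
            return False
    return bool(user and user["is_active"])


def login_fixed(username, password, otp=None):
    """Hardened form: the backend's decision is final, no database fallback."""
    user = backend_authenticate(username, password, otp)
    return bool(user and user["is_active"])
```

With a correct password but no OTP, `login_vulnerable` still returns True while `login_fixed` returns False.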
**Recommendations**
For versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue. As a temporary workaround, consider disabling the `authenticate()` function until a patch is available. Restrict access to custom authentication modules to minimize the risk of exploitation. Avoid relying solely on the `AUTHENTICATION_BACKENDS` setting for authentication until the issue is resolved.