Unknown · Django-Mfa3 · CVE-2022-24857
**Name of the Vulnerable Software and Affected Versions**
django-mfa3 versions prior to 0.5.0
**Description**
django-mfa3 is a library that implements multi-factor authentication for the Django web framework. It modifies the regular login view but does not modify the second login view for the admin area, so the multi-factor authentication can be bypassed through the admin login. Users are affected if they have activated both the library and `django.contrib.admin` without taking other measures to prevent access to the admin login view.
**Recommendations**
For django-mfa3 versions prior to 0.5.0, update to version 0.5.0 to resolve the issue.
As a temporary workaround, consider overwriting the admin login route by adding a URL definition before the admin routes, such as `url('admin/login/', lambda request: redirect(settings.LOGIN_URL))`.
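
The workaround depends on ordering, because Django dispatches to the first matching pattern. The following is an added example (not code from django-mfa3 or from the advisory): a static check, using only Python's `ast` module, that a `urls.py` lists a login override before the admin mount. The embedded `urls.py` sources are constructed samples and `admin_login_status` is a hypothetical helper; the samples use `path()` because `url()` was removed in Django 4.0.

```python
import ast

# Constructed urls.py: admin mounted with no override, so admin/login/ is
# served by django.contrib.admin's own login view.
UNPROTECTED = 'urlpatterns = [path("admin/", admin.site.urls)]'

# Constructed urls.py: the workaround, with the override listed first.
WORKAROUND = '''
from django.conf import settings
from django.contrib import admin
from django.shortcuts import redirect
from django.urls import path
urlpatterns = [
    path("admin/login/", lambda request: redirect(settings.LOGIN_URL)),
    path("admin/", admin.site.urls),
]
'''

def _route(entry):
    """Literal route of a path()/re_path()/url() entry, regex anchors removed."""
    if isinstance(entry, ast.Call) and entry.args:
        first = entry.args[0]
        if isinstance(first, ast.Constant) and isinstance(first.value, str):
            return first.value.strip("^$")
    return None

def _mounts_admin(entry):
    """True when the entry's second argument is <name>.site.urls."""
    arg = entry.args[1] if len(entry.args) > 1 else None
    return (isinstance(arg, ast.Attribute) and arg.attr == "urls"
            and isinstance(arg.value, ast.Attribute) and arg.value.attr == "site")

def admin_login_status(urls_source):
    """Return 'exposed', 'overridden' or 'no-admin' for a urls.py source string."""
    seen, status = set(), "no-admin"
    for node in ast.walk(ast.parse(urls_source)):
        if not (isinstance(node, ast.Assign) and isinstance(node.value, ast.List)
                and any(getattr(t, "id", None) == "urlpatterns" for t in node.targets)):
            continue
        for entry in node.value.elts:
            route = _route(entry)
            if route is None:
                continue
            if _mounts_admin(entry):
                if route + "login/" not in seen:  # an override must come first
                    return "exposed"
                status = "overridden"
            seen.add(route)
    return status
```

The check confirms only that a route for the admin login path precedes the admin mount in a literal `urlpatterns` list; it does not inspect what the overriding view does.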