PT-2022-16931 · Unknown+1 · Django-Mfa3+1

Stefanw · Published 2022-04-15 · Updated 2023-02-03 · CVE-2022-24857

CVSS v4.0: 8.5 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: django-mfa3 versions prior to 0.5.0
Description: The issue concerns a library that implements multi-factor authentication for the Django web framework. It modifies the regular login view but does not modify the second login view for the admin area, so the multi-factor authentication can be bypassed by logging in through the admin login view instead. Users are affected if they have enabled both the library and django.contrib.admin without taking other measures to prevent access to the admin login view.
Recommendations: For django-mfa3 versions prior to 0.5.0, update to version 0.5.0 to resolve the issue. As a temporary workaround, consider overriding the admin login route by adding a URL definition before the admin routes, such as url('admin/login/', lambda request: redirect(settings.LOGIN_URL)).
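The interim workaround from the Recommendations, written out as a complete project urls.py. This is an added example, not code from the advisory or from django-mfa3; the mfa.urls include and the accounts/ prefix are assumptions about a typical project layout.

```python
# urls.py of the Django project (added example, not the advisory's or django-mfa3's own code).
# The advisory's interim workaround, written with path() because django.conf.urls.url()
# was removed in Django 4.0. Ordering is the whole point: Django's resolver uses the
# first matching pattern, so the override must come before the admin routes.
from django.conf import settings
from django.contrib import admin
from django.shortcuts import redirect
from django.urls import include, path


def admin_login_override(request):
    # Send anyone requesting the admin's own login form to the regular login view,
    # i.e. the one django-mfa3 (< 0.5.0) extends with the second factor. This only
    # closes the admin login form; LOGIN_URL must point at the MFA-enabled view.
    return redirect(settings.LOGIN_URL)


urlpatterns = [
    # 1. Override first: a request for /admin/login/ never reaches admin's LoginView.
    path("admin/login/", admin_login_override),
    # 2. Admin routes after the override; placed earlier, admin's login/ route would
    #    match first and the bypass described in the advisory would remain.
    path("admin/", admin.site.urls),
    # 3. Assumed names from a typical django-mfa3 setup, not taken from the advisory:
    #    the MFA views and the regular login view that LOGIN_URL resolves to.
    path("mfa/", include("mfa.urls")),
    path("accounts/", include("django.contrib.auth.urls")),
]
```

The workaround only narrows the entry point; upgrading to 0.5.0 remains the actual fix.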

Weakness Enumeration: Improper Authentication

Related Identifiers

CVE-2022-24857
GHSA-3R7G-WRPR-J5G4
PYSEC-2022-192

Affected Products

Django
Django-Mfa3