PT-2025-51216 · Unknown+1 · Allauth-Django+1

Published 2025-01-01 · Updated 2026-05-04 · CVE-2025-65431

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

allauth-django versions prior to 65.13.0

Description

An issue exists in allauth-django where Okta and NetIQ were utilizing the preferred username value as an identifier for third-party provider accounts. This value is mutable and should not be used for authorization decisions. The providers have transitioned to using sub instead.

Recommendations

Update to allauth-django version 65.13.0 or later.
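
The identifier choice described above, as an added example that is not allauth-django code: a minimal provider-account link table keyed first on the mutable username claim and then on `sub`. The helper names, the in-memory store and all claim values are constructed for illustration; `preferred_username` is assumed to be the OIDC claim the description calls the preferred username value.

```python
# Added illustration; claim values and the in-memory store are constructed.
# uid_from_* are hypothetical helpers, not allauth-django functions.

def uid_from_preferred_username(claims):
    """Pre-fix behaviour as described: key the account on a mutable claim."""
    return claims["preferred_username"]

def uid_from_sub(claims):
    """Post-fix behaviour as described: key the account on the subject claim."""
    return claims["sub"]

class SocialAccountStore:
    """Maps (provider, uid) to a local user, like a provider-account link table."""

    def __init__(self, uid_fn):
        self.uid_fn = uid_fn
        self.links = {}

    def login(self, provider, claims):
        key = (provider, self.uid_fn(claims))
        # First sighting of a key creates a local user; later logins reuse it.
        return self.links.setdefault(key, f"local-user-{len(self.links) + 1}")

# Constructed ID-token claims: one subject whose username changes, and a
# second, different subject that later presents the original username.
ALICE = {"sub": "sub-constructed-aaa", "preferred_username": "alice"}
ALICE_RENAMED = {"sub": "sub-constructed-aaa", "preferred_username": "alice.smith"}
OTHER_REUSING_NAME = {"sub": "sub-constructed-bbb", "preferred_username": "alice"}

def resolve_sequence(uid_fn):
    """Return the local user each of the three logins resolves to, in order."""
    store = SocialAccountStore(uid_fn)
    return [store.login("okta", c) for c in (ALICE, ALICE_RENAMED, OTHER_REUSING_NAME)]

if __name__ == "__main__":
    # Username key: the renamed subject loses its account, and a different
    # subject is mapped onto it. Subject key: each subject keeps its own.
    print("preferred_username:", resolve_sequence(uid_from_preferred_username))
    print("sub:               ", resolve_sequence(uid_from_sub))
```
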

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2025-65431
GHSA-8M3C-C723-H4P4
OPENSUSE-SU-2026:10680-1
PYSEC-2025-111

Affected Products

Debian
Allauth-Django