GHSA-VHR6-PVJM-9QWF User passwords are stored in clear text in the Django session
Impact django-two-factor-auth versions 1.11 and before store the user's password in clear text in the user session base64-encoded. The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor...