11 matches found

Veracode
added 2026/01/13 7:37 a.m., 2 views

Improper Authentication

allauth-django is vulnerable to improper authentication. The vulnerability is due to the use of the mutable preferred_username attribute as the identifier for third-party provider accounts, which allows an attacker to change this value and potentially impersonate or gain unauthorized access to...

CVSS 5.4, AI score 5.8, EPSS 0.00039
Exploits 0, References 3, Affected Software 1
EUVD
added 2025/12/15 3:30 p.m., 2 views

EUVD-2025-203376

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

AI score 6.6, EPSS 0.00039
Exploits 0, References 2
Github Security Blog
added 2025/12/15 3:30 p.m., 7 views

django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

CVSS 5.4, AI score 7.3, EPSS 0.00039
Exploits 0, References 4, Affected Software 1
Snyk
added 2025/12/15 2:39 p.m., 3 views

Improper Certificate Validation

Overview: django-allauth is an integrated set of Django applications addressing authentication, registration, account management as well as 3rd party social account authentication. Affected versions of this package are vulnerable to Improper Certificate Validation via the preferred_username field...

CVSS 8.3, AI score 7.1, EPSS 0.00039
Exploits 0, References 2
PyPA
added 2025/12/15 2:15 p.m., 4 views

PYSEC-2025-111

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

CVSS 5.4, AI score 5.8, EPSS 0.00039
Exploits 0, References 1, Affected Software 1
NVD
added 2025/12/15 2:15 p.m., 2 views

CVE-2025-65431

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

CVSS 5.4, EPSS 0.00039
Exploits 0, References 1
OSV
added 2025/12/15 2:15 p.m., 0 views

UBUNTU-CVE-2025-65431

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

CVSS 5.4, AI score 5.7, EPSS 0.00039
Exploits 0, References 3
Cvelist
added 2025/12/15 12:0 a.m., 22 views

CVE-2025-65431

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

EPSS 0.00039
Exploits 0, References 1
CVE
added 2025/12/15 12:0 a.m., 10 views

CVE-2025-65431

CVE-2025-65431 affects allauth-django prior to 65.13.0. Okta and NetIQ implementations used the mutable identifier preferred_username for third-party provider accounts; this value should not drive authorization decisions. The vulnerability arises because the identifier used for linking/authorizat...

CVSS 5.4, AI score 6.8, EPSS 0.00039
Exploits 0, References 1, Affected Software 1
CNNVD
added 2025/12/15 12:0 a.m., 3 views

allauth-django security vulnerability

allauth-django is an authentication application from allauth open source. A security vulnerability exists in allauth-django versions prior to 65.13.0 that stems from Okta and NetIQ's use of preferred_username as an identifier for third-party provider accounts, which could lead to improper...

CVSS 5.4, AI score 6.7, EPSS 0.00039
Exploits 0, References 1
Vulnrichment
added 2025/12/15 12:0 a.m., 2 views

CVE-2025-65431

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

AI score 6.8, EPSS 0.00039
Exploits 0, References 1