How a 6-character verification code with a disabled rate limit turned django-allauth’s email verification into a bruteforce target — the only High finding in a Radically Open Security code audit.