IP spoofing bug leaves Django REST applications open to DDoS, password-cracking attacks


An IP spoofing vulnerability in Django REST allowed attackers to bypass the framework’s throttling feature, which intent to protect applications from mass requests.

This feature is intended to protect applications from bot activity, denialofservice attacks, and malicious activities like bruteforce attempts on login pages, onetime passwords, and password reset pages.

Read More…