Unprotected Storage of Credentials in cythron/tweangoValid
May 12th 2021
The Django secret key is pushed to the GitHub repository. It is used to sign JSON objects, create hashes and generate CSRF tokens.
🕵️‍♂️ Proof of Concept
An attacker will be able to forge JSON objects and create CSRF tokens.
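A repository check for the issue described above, as an added example (not code from the report or from the project): it parses a Django settings module and flags `SECRET_KEY` assignments that embed a string literal, including literal fallbacks behind an environment lookup. The sample settings text and the `DJANGO_SECRET_KEY` variable name are constructed assumptions.

```python
import ast

# Constructed sample settings modules; none of this is from the reported repository.
HARDCODED = '''
DEBUG = True
SECRET_KEY = "constructed-placeholder-not-a-real-key"
'''
FROM_ENV = '''
import os
SECRET_KEY = os.environ["DJANGO_SECRET_KEY"]
'''
ENV_WITH_FALLBACK = '''
import os
SECRET_KEY = os.environ.get("DJANGO_SECRET_KEY", "constructed-fallback")
'''


def _is_str(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def _classify(value):
    """Return why the assigned expression embeds a key in source, or None."""
    if _is_str(value):
        return "literal"
    if isinstance(value, ast.Call):
        # The first positional argument is the name being looked up; any
        # later string argument is a default value that ships in the repo.
        extra = value.args[1:] + [kw.value for kw in value.keywords]
        if any(_is_str(arg) for arg in extra):
            return "literal fallback"
    if isinstance(value, ast.BoolOp) and any(_is_str(v) for v in value.values):
        return "literal fallback"  # e.g. os.getenv("X") or "dev-key"
    return None


def find_hardcoded_secret_keys(source):
    """Return sorted (line, reason) pairs for SECRET_KEY assignments embedding a literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            targets = node.targets
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets = [node.target]
        else:
            continue
        if any(isinstance(t, ast.Name) and t.id == "SECRET_KEY" for t in targets):
            reason = _classify(node.value)
            if reason:
                findings.append((node.lineno, reason))
    return sorted(findings)
```

A key that has already been pushed remains in the repository history, so it has to be rotated as well as moved out of the source.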