During the security assessment, it was observed that the default Django admin page is publicly accessible and that verbose error messages are enabled. Although the test was conducted in a development environment, these configurations pose significant security risks if left unchanged in a production environment.
Exposed Django Admin Page:
The Django admin interface provides powerful administrative capabilities over the entire application, including access to sensitive data and the ability to perform critical actions. When the default admin page is exposed without proper protections, it becomes an attractive target for attackers who might attempt to gain unauthorised access through brute force attacks or by exploiting known vulnerabilities.
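A static check for the two conditions reported in this finding, as an added example that is not part of the original assessment. It assumes the verbose errors come from `DEBUG = True` in `settings.py` (the report does not name the setting) and that the admin site is mounted through `admin.site.urls` in `urls.py`. The sample file contents are constructed.

```python
import ast

# Constructed stand-ins for a project's settings.py and urls.py (not from the report).
SAMPLE_SETTINGS = 'DEBUG = True\nALLOWED_HOSTS = []\n'
SAMPLE_URLS = (
    'from django.contrib import admin\n'
    'from django.urls import path\n'
    'urlpatterns = [path("admin/", admin.site.urls)]\n'
)


def literal_assignments(source):
    """Return {name: value} for top-level NAME = <literal> assignments."""
    found = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                found[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # computed value (e.g. read from the environment)
    return found


def admin_routes(source):
    """Return route strings of calls whose second argument is admin.site.urls."""
    routes = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and len(node.args) >= 2:
            route, view = node.args[0], node.args[1]
            if (isinstance(route, ast.Constant) and isinstance(route.value, str)
                    and ast.unparse(view) == "admin.site.urls"):
                routes.append(route.value)
    return routes


def audit(settings_src, urls_src):
    """List the two conditions from the finding that the sources exhibit."""
    findings = []
    if literal_assignments(settings_src).get("DEBUG") is True:
        findings.append("DEBUG=True: detailed error pages are returned to clients")
    for route in admin_routes(urls_src):
        if route.strip("^/$") == "admin":
            findings.append(f"admin site mounted at default route {route!r}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SETTINGS, SAMPLE_URLS):
        print(finding)
```

An empty result only means neither condition was found in the sources as written. A `DEBUG` value computed at runtime is skipped and has to be confirmed against the deployed environment.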
The screenshot below shows the default Django admin page: