Django Admin Panel Exposure

Django admin panel is a default web application that allows you to manage your data. Insecure Django admin panels enable attackers to perform administrative actions, such as accessing and deleting data or adding/modifying/deleting users.

Impact

Attackers may access the admin panel by utilising a range of techniques, from password guessing to using known exploits.

Solution

Administrative panels must be protected by two-factor authentication and made available to Internal networks (VPN) or via Identity Proxies (Zero Trust Security).