Authentication Flaws in 2FA and API Tokens


PyPI implemented 2FA and API Tokens in 2019 as part of funded work to better secure the service for Project Maintainers and Python users installing from the index.

Two flaws were identified in the authentication policies which allowed API Tokens and Basic Authentication to access resources they should not have had access to, additionally bypassing two factor authentication.

  • Disclosure date: 2020-01-05 (Reported via security policy on
  • Disclosed by: Joachim Jablon
  • Bounty awarded to discloser: $500 USD for multiple reports in Q1 2020

Reported vulnerabilities

Web UI Authentication and 2FA bypass via API Tokens (Macaroons)

API tokens are advertised as only being valid for uploads, however by setting the appropriate header, Authorization: token pypi-....., requests for arbitrary actions could be made with the equivalent of a standard session.

Thus leaked API tokens regardless of scope may have had a much bigger impact than advertised (uploading rogue releases vs deleting releases/projects or modifying user account components)

Initially resolved in:

Web UI 2FA bypass via Basic Auth

Similar to above, constructing and setting the appropriate header, Authorization: Basic <base64>, requests for arbitrary actions could be made with the equivalent of a standard session.

Thus, 2FA bypass was possible if an attacker had the username and password for a user.

Initially resolved in:


We are unable to directly determine if either of these vulnerabilities were exploited. PyPI stores an Audit Log of events modifying user accounts and projects on the service. These log successful logins via the login form but were not configured to log authentication via other methods as they were assumed to be associated with package uploads only, which are logged separately.


Users are encouraged to review their Account Security History regularly to determine if any suspicious activity has taken place. If you identify any such activity, please report it per our published security policy.


  • 2020-01-05 Issue reported by Joachim Jablon to per PyPI security policy on
  • 2020-01-05 (+0days): Reports investigated by Ernest W. Durbin III and determined to be valid.
  • 2020-01-05 (+0days): Fixes deployed and verified.