id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
28248	Password resets are allowed for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS	Nick Zaccardi	nobody	[https://github.com/django/django/blob/7afb47646920ab3835dfa1750257dace01883a4b/django/contrib/auth/tokens.py#L45 An improper comparison] (> rather than >=) in the password reset token checking, allows password reset tokens to be used one day longer than expected.	Bug	closed	contrib.auth	2.0	Release blocker	invalid			Accepted	1	0	0	0	0	0