A Django password reset token generator
Allows you, providing a secret key, the user's pk and the user's hashed_password to bruteforce all possible last_login possibilities.
The secret key is supposed to be a .. secret and the other required fields too.
Nevertheless, this can be used in a privilege escalation scheme where the attacker would only have read-only access to the Django host and needs to be able to write to the database