The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username.
2020-01-30T21:15:14.060
2024-11-21T01:51:13.910
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | login_security_project | login_security | ≤ 6.x-1.3 | Yes |
| Application | login_security_project | login_security | ≤ 7.x-1.3 | Yes |
| Application | login_security_project | login_security | 6.x-1.0 | Yes |
| Application | login_security_project | login_security | 6.x-1.0 | Yes |
| Application | login_security_project | login_security | 6.x-1.x | Yes |
| Application | login_security_project | login_security | 7.x-1.x | Yes |