AI Score
Confidence
High
EPSS
Percentile
41.9%
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.
www.debian.org/security/2015/dsa-3200
www.securityfocus.com/bid/73219
www.drupal.org/SA-CORE-2015-001