Lucene search

Drupal Security TeamDRUPAL-SA-CONTRIB-2012-091

HistoryJun 06, 2012 - 12:00 a.m.

SA-CONTRIB-2012-091 - Token Authentication - Access bypass

2012-06-0600:00:00

Drupal Security Team

www.drupal.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.967 High

EPSS

Percentile

99.7%

JSON

The Token Authentication module provides a token for use in the URL to authenticate users to a site.
Under certain uncommon situations, the module may not revert a user’s session properly. Depending on how tokenauth is used, this could result in subsequent requests being performed as a user with additional privileges when they shouldn’t.

CVE: CVE-2012-2720

Versions affected

Tokenauth 6.x-1.x versions prior to 6.x-1.7.

Drupal core is not affected. If you do not use the contributed Token Authentication module, there is nothing you need to do.

Solution

Install the latest version:

If you use the Tokenauth module for Drupal 6.x, upgrade to Tokenauth 6.x-1.7

Also see the Tokenauth project page.

Reported by

John Morahan of the Drupal Security Team

Fixed by

Adam Ross the module maintainer

References

drupal.org/contact

drupal.org/node/1618476

drupal.org/project/tokenauth

drupal.org/security-team

drupal.org/security-team/risk-levels

drupal.org/security/secure-configuration

drupal.org/user/346868

drupal.org/user/58170

drupal.org/writing-secure-code

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.967 High

EPSS

Percentile

99.7%

JSON

Related for DRUPAL-SA-CONTRIB-2012-091