6.4 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.04 Low
EPSS
Percentile
91.9%
This module enables a more secure password storage for Drupal 6 by back-porting the code used in Drupal 7 core.
A vulnerability in this API allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service).
This vulnerability can be exploited by anonymous users
See also: <https://www.drupal.org/SA-CORE-2014-006>
Drupal core is not affected. If you do not use the contributed Secure Password Hashes module,
there is nothing you need to do.
Install the latest version:
Also see the Secure Password Hashes project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/node/2378375
www.drupal.org/project/phpass
www.drupal.org/SA-CORE-2014-006
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/u/c0r3dump3d
www.drupal.org/u/jnietotn
www.drupal.org/u/MichaelCu
www.drupal.org/user/49851
www.drupal.org/writing-secure-code