Yahoo Patches Vulnerability that Led to 450,000-Password Breach

Yahoo announced today it’s fixed the security hole that allowed a hacker group this week to post some 450,000 email addresses and passwords belonging to freelance writers. “We have taken swift action and have now fixed this vulnerability, deployed additional security measures for affected Yahoo!...

SA-CONTRIB-2012-111 - Security Questions - Access Bypass

This module provides administrator configurable challenge questions for use during the log in and password reset processes. The module doesn't perform a proper access check, allowing a users' questions and answers to be edited by other users including anonymous users. CVE: CVE-2012-4475 Versions...