2 matches found
CVE-2012-4475
CVE-2012-4475 affects the Drupal Security Questions module (versions 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1). The root cause is an inadequate access check, allowing remote attackers to edit an arbitrary user’s questions and answers via unspecified vectors. Impact is an access-bypass th...
SA-CONTRIB-2012-111 - Security Questions - Access Bypass
This module provides administrator configurable challenge questions for use during the log in and password reset processes. The module doesn't perform a proper access check, allowing a users' questions and answers to be edited by other users including anonymous users. CVE: CVE-2012-4475 Versions...