6 matches found
DRUPAL-CONTRIB-2024-073
This module enables you to prevent existing users from logging in to your Drupal site unless they know the secret key to add to the end of the ?q=user login form page. The Login Disable module does not correctly prevent a user with a disabled login from logging in, allowing those users to by-pass...
Drupal Login Disable module 2.0.0-2.1.0 - Authenticated Broken Access Control vulnerability
Authenticated Broken Access Control vulnerability discovered by e5sego in WordPress Module Login Disable versions 2.0.0-2.1.0...
Drupal Login Disable Module Security Bypass Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community.Login Disable is one of the modules that provides login denial functionality. A security vulnerability exists in the Drupal Login Disable module in versions 6.x-1.1 prior to 6.x-1.x and...
CVE-2015-8082
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the userlogout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...
Authentication flaw
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the userlogout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...
CVE-2015-8082
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the userlogout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...