3 matches found
CVE-2025-31681
The CVE-2025-31681 entry covers Drupal Authenticator Login (versions 0.0.0 through 2.0.5) with a Missing Authorization vulnerability that enables Forceful Browsing. Affected component is the Drupal Authenticator Login module; root cause is lack of proper authorization checks when accessing user-p...
CVE-2025-8995
CVE-2025-8995: Drupal Authenticator Login contains an authentication bypass vulnerability in versions prior to 2.1.4. The issue arises in the Authenticator Login module (Drupal) where an alternate path or channel can bypass authentication, effectively allowing login as a user without proper crede...
CVE-2025-8093
The vulnerability CVE-2025-8093 affects the Drupal Authenticator Login module prior to version 2.1.8. The issue is an authentication bypass via an alternate path or channel, as described across multiple sources, with CVSS v3.1 base metrics indicating high risk (8.8, Network attack vector, Privile...