Drupal Google Authenticator Login Module Access Bypass Vulnerability
The Google Authenticator login module for Drupal is prone to an access-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized access to other user's account.
Google Authenticator login 6.x-1.x versions prior to 6.x-1.2 and 7.x-1.x versions prior to 7.x-1.4 are vulnerable.
Note: The issue described by CVE-2013-4178 has been moved to BID 61568 (Drupal Google Authenticator Login CVE-2013-4178 Module One Time Password Replay Weakness) for better documentation.