Drupal Google Authenticator Login Module Access Bypass Vulnerability

The Google Authenticator login module for Drupal is prone to an access-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized access to other user's account.

Google Authenticator login 6.x-1.x versions prior to 6.x-1.2 and 7.x-1.x versions prior to 7.x-1.4 are vulnerable.

Note: The issue described by CVE-2013-4178 has been moved to BID 61568 (Drupal Google Authenticator Login CVE-2013-4178 Module One Time Password Replay Weakness) for better documentation.


Privacy Statement
Copyright 2010, SecurityFocus