Drupal · Drupal · CVE-2015-2559
**Name of the Vulnerable Software and Affected Versions**
Drupal versions 6.x through 6.34
Drupal versions 7.x through 7.34
**Description**
The issue allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.
**Recommendations**
For Drupal versions 6.x through 6.34, update to version 6.35 or later.
For Drupal versions 7.x through 7.34, update to version 7.35 or later.