Drupal · Secure Password Hashes Module · CVE-2014-9016
**Name of the Vulnerable Software and Affected Versions**
Drupal versions prior to 7.34
Secure Password Hashes module versions prior to 6.x-2.1
**Description**
The password hashing API allows remote attackers to cause a denial of service via a crafted request, resulting in CPU and memory consumption.
**Recommendations**
For Drupal versions prior to 7.34, update to version 7.34 or later.
For Secure Password Hashes module versions prior to 6.x-2.1, update to version 6.x-2.1 or later.