Steven Wittens

Name of the Vulnerable Software and Affected Versions: Drupal module Services versions 5.x before 5.x-0.92 Drupal module Services versions 6.x before 6.x-0.13 Description: The issue allows remote attackers to impersonate other users and gain privileges due to the use of an insecure hash when signing requests. Recommendations: For versions 5.x before 5.x-0.92, update to version 5.x-0.92 or later. For versions 6.x before 6.x-0.13, update to version 6.x-0.13 or later.

Name of the Vulnerable Software and Affected Versions: Drupal module Services versions 5.x before 5.x-0.92 Drupal module Services versions 6.x before 6.x-0.13 Description: The issue is related to the module not signing all required data in requests, which could allow remote attackers to impersonate other users and gain privileges, possibly through man-in-the-middle attacks that modify critical data. Recommendations: For versions 5.x before 5.x-0.92, update to version 5.x-0.92 or later to resolve the issue. For versions 6.x before 6.x-0.13, update to version 6.x-0.13 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Drupal module Services versions 5.x before 5.x-0.92 Drupal module Services versions 6.x before 6.x-0.13 Description: The issue allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request, due to the lack of timeouts for signed requests. Recommendations: For versions 5.x before 5.x-0.92, update to version 5.x-0.92 or later to resolve the issue. For versions 6.x before 6.x-0.13, update to version 6.x-0.13 or later to resolve the issue.