Drupal · Drupal · CVE-2015-3234
**Name of the Vulnerable Software and Affected Versions**
Drupal versions 6.x before 6.36
Drupal versions 7.x before 7.38
**Description**
The issue allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers. This is demonstrated by providers such as Verisign, LiveJournal, and StackExchange.
**Recommendations**
For Drupal 6.x, update to version 6.36 or later.
For Drupal 7.x, update to version 7.38 or later.