Fengwen

**Name of the Vulnerable Software and Affected Versions** Drupal versions 7.x before 7.43 Drupal versions 8.x before 8.0.4 **Description** The issue allows remote attackers to obtain sensitive username information. This is possible by leveraging a configuration that permits using an email address to login and a module that permits logging in. **Recommendations** For Drupal 7.x, update to version 7.43 or later. For Drupal 8.x, update to version 8.0.4 or later.