PT-2013-3588 · Drupal · Drupal Login Security

Forest Monsen

Published

2013-08-28

Updated

2013-10-07

CVE-2013-2197

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Drupal Login Security module versions 6.x-1.x before 6.x-1.3 Drupal Login Security module versions 7.x-1.x before 7.x-1.3

Description The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by making a large number of failed login attempts when the login delay option is enabled.

Recommendations For Drupal Login Security module version 6.x-1.x, update to version 6.x-1.3 or later. For Drupal Login Security module version 7.x-1.x, update to version 7.x-1.3 or later.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2013-2197

Affected Products

Drupal Login Security

PT-2013-3588 · Drupal · Drupal Login Security

CVE-2013-2197

Weakness Enumeration

Related Identifiers

Affected Products

References · 5