PT-2026-56659 · Drupal · Login Disable
Boris Doesborg
+2
·
Published
2026-07-08
·
Updated
2026-07-10
·
CVE-2026-15079
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Drupal Login Disable versions 0.0.0 through 2.1.4
Description
The Login Disable module, which restricts site access by requiring a secret key on the login form, does not sufficiently protect the form from brute force attacks. An attacker could potentially bypass this protection by guessing the secret key, depending on its length. This issue is partially mitigated because the attacker still requires a valid username and password to gain access.
Recommendations
Update Drupal Login Disable to a version newer than 2.1.4 to enable flood control that blocks excessive authentication attempts.
Improper Restriction of Excessive Authentication Attempts
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Login Disable