1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Drupal Flaw Allows Attackers to Forge Password Reset URLs

Discussion in 'SecurityWeek' started by RSS, Mar 24, 2015.

  1. RSS

    RSS New Member Member

    Versions 6.35 and 7.35 of the Drupal content management system (CMS) are available for download. These security releases address two moderately critical vulnerabilities.

    One of the vulnerabilities can be exploited under certain circumstances to forge password reset URLs. An attacker can leverage the flaw to gain access to user accounts without knowing their password.

    read more

    [​IMG]
    [​IMG] [​IMG] [​IMG] [​IMG] [​IMG] [​IMG] [​IMG] [​IMG]

    Continue reading...
     

Share This Page