Vulnerabilities > CVE-2013-2198 - Incorrect Authorization vulnerability in Login Security Project Login Security

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

CWE-863

critical

NVD

Published: 2020-01-30

Updated: 2024-11-21

Summary

The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username.

Vulnerable Configurations

Part	Description	Count
Application	Login_Security_Project Login Security Project Login Security 6.X-1.0 Login Security Project Login Security 6.X-1.1 Login Security Project Login Security 6.X-1.2 Login Security Project Login Security 6.X-1.3 Login Security Project Login Security 6.X-1.X Login Security Project Login Security 7.X-1.0 Login Security Project Login Security 7.X-1.1 Login Security Project Login Security 7.X-1.2 Login Security Project Login Security 7.X-1.3 Login Security Project Login Security 7.X-1.X	12

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References