Vulnerabilities > CVE-2013-2198 - Incorrect Authorization vulnerability in Login Security Project Login Security

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

CWE-863

NVD

Published: 2020-01-30

Updated: 2020-02-13

Summary

The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username.

Vulnerable Configurations

Part	Description	Count
Application	Login_Security_Project Login Security Project Login Security 6.X-1.0 Login Security Project Login Security 6.X-1.1 Login Security Project Login Security 6.X-1.2 Login Security Project Login Security 6.X-1.3 Login Security Project Login Security 6.X-1.X Login Security Project Login Security 7.X-1.0 Login Security Project Login Security 7.X-1.1 Login Security Project Login Security 7.X-1.2 Login Security Project Login Security 7.X-1.3 Login Security Project Login Security 7.X-1.X	12

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References