Security Advisory: Mail Login Module Vulnerability SA-CONTRIB-2023-048


The Mail Login module for Drupal has recently been flagged for a moderately critical security issue, designated SA-CONTRIB-2023-048. The vulnerability, assessed at a risk level of 13/25, is an access bypass: the module lacks the flood control mechanism present in Drupal core, which leaves sites using it susceptible to brute-force attacks.
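To show what a flood control check does on a login path, here is an added example (a simplified model written for this page, not code from the Mail Login module or Drupal core). The thresholds are Drupal core's default login flood settings, used here as assumptions; the account, the function names and the in-memory counter are hypothetical.

```python
import hmac
from collections import defaultdict, deque

# Drupal core's default login flood settings (user.flood); used here as assumptions.
USER_LIMIT, USER_WINDOW = 5, 21600  # failed attempts per account / seconds
IP_LIMIT, IP_WINDOW = 50, 3600      # failed attempts per client IP / seconds

# Constructed sample account: uid -> (name, mail, password). Plaintext only for the demo.
ACCOUNTS = {7: ("alice", "alice@example.com", "correct horse")}

class Flood:
    """In-memory sliding-window counter of failed attempts per (event, identifier)."""
    def __init__(self):
        self.expiry = defaultdict(deque)

    def register(self, event, ident, window, now):
        self.expiry[(event, ident)].append(now + window)

    def is_allowed(self, event, ident, limit, now):
        q = self.expiry[(event, ident)]
        while q and q[0] <= now:  # drop attempts that have aged out of the window
            q.popleft()
        return len(q) < limit

def resolve_uid(login_id):
    """Map a username OR an e-mail address to the same account ID."""
    for uid, (name, mail, _) in ACCOUNTS.items():
        if login_id.lower() in (name.lower(), mail.lower()):
            return uid
    return None

def check_password(uid, password):
    return uid is not None and hmac.compare_digest(ACCOUNTS[uid][2].encode(), password.encode())

def login_unthrottled(login_id, password):
    """An e-mail login path with no flood check: every guess is evaluated."""
    return "ok" if check_password(resolve_uid(login_id), password) else "denied"

def login(flood, login_id, password, ip, now):
    """Same check, gated by per-IP and per-account failure counters."""
    uid = resolve_uid(login_id)
    if not flood.is_allowed("ip", ip, IP_LIMIT, now):
        return "blocked"
    if uid is not None and not flood.is_allowed("user", uid, USER_LIMIT, now):
        return "blocked"
    if check_password(uid, password):
        return "ok"
    flood.register("ip", ip, IP_WINDOW, now)
    if uid is not None:
        flood.register("user", uid, USER_WINDOW, now)
    return "denied"
```

Because failures are counted against the resolved account ID, guesses submitted by e-mail address and by username fill the same counter, so an alternate login field cannot be used to sidestep the limit.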

Users are advised to update to the latest version of the Mail Login module to mitigate this security risk. For those using Drupal versions 8, 9, or 10, upgrading to Mail Login 8.x-2.9 is recommended. It's crucial to note that a previous security advisory, SA-CONTRIB-2023-45, attempted to address this issue but did not provide an effective solution. Therefore, the current security advisory and the updated module version supersede the previous attempt.

Melisa Cordero and Emil Johnsson reported and resolved the vulnerability through a team effort. Key members of the Drupal Security Team oversaw the coordination of this security matter. This security advisory underscores the ongoing efforts to maintain the integrity and security of Drupal-based websites. For more information, visit the website.
