Back to search
CVE-2015-8082
Published: Nov 6, 2015
Modified: Sep 16, 2024
PUBLISHED
Description
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL Login modules.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.drupal.org/node/2303503
x_refsource_CONFIRM
https://www.drupal.org/node/2608356
x_refsource_MISC
https://www.drupal.org/node/2587643
x_refsource_CONFIRM
https://www.drupal.org/node/2571567
x_refsource_CONFIRM
https://www.drupal.org/node/2587641
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now