Drupal Security Questions Module Security Bypass Vulnerability

Summary

The Security Questions module for Drupal is prone to a security-bypass vulnerability

Credit:

The original article can be found at: http://www.securityfocus.com/bid/54409.
The information has been provided by Chris Hertzog .


Details

Vulnerable Systems:
 *Drupal Security Questions Module Security Bypass Vulnerability

Attackers can exploit this issue to bypass security restrictions to obtain sensitive information; this may aid in launching further attacks.The following versions are vulnerable:Security Questions 6.x-1.x through versions prior to 6.x-1.1
Security Questions 7.x-1.x through versions prior to 7.x-1.1

Vendor Status:
Currently we are not aware of any vendor-supplied patches

Disclosure Timeline:
Initial Release: Jul 11 2012

Categories: News