CVE-2013-2198

moderate-risk
Published 2020-01-30

The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username.

Do I need to act?

-
0.53% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (5)

Login Security
Login Security
Login Security
Login Security
Login Security

Affected Vendors

Login Security Project

References (8)

Mailing List http://www.openwall.com/lists/oss-security/2013/06/20/3
Third Party Advisory https://drupal.org/node/2023503
Third Party Advisory https://drupal.org/node/2023507
Third Party Advisory https://drupal.org/node/2023585
Mailing List http://www.openwall.com/lists/oss-security/2013/06/20/3
Third Party Advisory https://drupal.org/node/2023503
Third Party Advisory https://drupal.org/node/2023507
Third Party Advisory https://drupal.org/node/2023585
46
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 12/34 · Low