CVE-2013-4177 — MEDIUM (5.0)

Vulnerability Description

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Google Authenticator Login Project	Ga Login	6.x-1.0
Drupal	Drupal	-

Related Weaknesses (CWE)

CWE-264

References

http://www.securityfocus.com/bid/59884
https://drupal.org/node/1995482Patch
https://drupal.org/node/1995634Patch
https://drupal.org/node/1995706PatchVendor Advisory
http://www.securityfocus.com/bid/59884
https://drupal.org/node/1995482Patch
https://drupal.org/node/1995634Patch
https://drupal.org/node/1995706PatchVendor Advisory

FAQ

What is CVE-2013-4177?

CVE-2013-4177 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-f...

How severe is CVE-2013-4177?

CVE-2013-4177 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4177?

Check the references section above for vendor advisories and patch information. Affected products include: Google Authenticator Login Project Ga Login, Drupal Drupal.