Vulnerability Description
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL Login modules.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Login Disable Project | Login Disable | 6.x-1.0 |
Related Weaknesses (CWE)
References
- https://www.drupal.org/node/2303503
- https://www.drupal.org/node/2571567Patch
- https://www.drupal.org/node/2587641Patch
- https://www.drupal.org/node/2587643
- https://www.drupal.org/node/2608356PatchVendor Advisory
- https://www.drupal.org/node/2303503
- https://www.drupal.org/node/2571567Patch
- https://www.drupal.org/node/2587641Patch
- https://www.drupal.org/node/2587643
- https://www.drupal.org/node/2608356PatchVendor Advisory
FAQ
What is CVE-2015-8082?
CVE-2015-8082 is a vulnerability with a CVSS score of 7.5 (HIGH). The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mec...
How severe is CVE-2015-8082?
CVE-2015-8082 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8082?
Check the references section above for vendor advisories and patch information. Affected products include: Login Disable Project Login Disable.