[3/5] Drupal Secure Site Module Security Bypass Vulnerability

January 31st, 2008 by

[3/5] Drupal Secure Site Module Security Bypass Vulnerability

:A vulnerability has been reported in the Secure Site module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.The vulnerability is caused due to an error within the IP-authentication feature. If an attacker e.g. uses the same proxy as a currently logged in user, this can be exploited to gain access as this user.The vulnerability is reported in Secure Site for Drupal 5.x and 4.7.x.Solution:The vulnerable feature has been removed in updated versions.Drupal 5.x users:Update to Secure Site 5.x-1.1.Drupal 4.7.x users:Update to Secure Site 4.7.x-1.1.Provided and/or discovered by:Tim AltmanOriginal Advisory:http://drupal.org/node/216019

Original post by sonia

[3/5] Drupal Secure Site Module Security Bypass Vulnerability

Related Articles:

[2/5] Drupal Forward Module Access Restriction Bypass

[2/5] Drupal Print Module Access Restriction Bypass

[3/5] Drupal Simple Access Module Security Bypass

[2/5] Drupal Header Image Module Security Bypass Vulnerability

[2/5] Drupal Userpoints Module Cross-Site Request Forgery Vulnerability

Posted in Advisories - Exploits | | [3/5] Drupal Secure Site Module Security Bypass Vulnerability

<< [4/5] Gnumeric XLS HLINK Opcode Processing Code Execution Vulnerability | [2/5] Drupal Userpoints Module Cross-Site Request Forgery Vulnerability >>

Cybertrion Systems

[3/5] Drupal Secure Site Module Security Bypass Vulnerability

Categories

Archives:

Search:

Meta: