Critical Security Alert on Protected Pages Module
Drupal published a new security update yesterday. The update addresses a vulnerability in the Protected Pages module. Anyone using the Protected Pages module for Drupal 8/9/10 is advised to install the latest version. The new update will fix the access bypass vulnerability and prevents hackers from exploiting the weakness in the authentication mechanism.
The Protected Pages module allows the administrator to secure any page using a password. It is different from the Protected Node module. Whereas the Protected Node facilitates password protection only for nodes, Protected Pages allows it for pages or paths.
The security lapse was reported by Shelane French, Web Developer at Lawrence Livermore National Laboratory. It was fixed by Mark Dorison and Diego Rodrigo da Silva. Greg Knaddison of the Drupal Security Team coordinated the efforts.
Users are encouraged to review the security update and apply the necessary updates. Click here to learn how to install the update.
Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.
Related People
Comments
You may also like
