Moderately Critical Access bypass Vulnerability in Mail Login
The Drupal security team has posted a moderately critical access bypass vulnerability in Mail Login (SA-CONTRIB-2021-047), dated December 22nd, 2021. The Mail Login module enables users to log in via email address. The access bypass vulnerability is because the module does not sufficiently check user status when authenticating.
Solution
The mail login access bypass vulnerability is mitigated by installing the latest version of the module. If you use the mail_login module for Drupal 8 or 9, upgrade to Mail Login 8.x.-2.5 https://www.drupal.org/project/mail_login/releases/8.x-2.5
Source: Drupal.org
ASK: Drupal Community Needs Your Support
View all →
Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please reach out to us at #thedroptimes channel on Drupal Slack and we will try to address the issue as best we can.
