Critical Access bypass Vulnerability in Super Login Drupal 8
The Drupal security team has announced a critical access bypass vulnerability SA-CONTRIB-2022-001 in the Super Login module in Drupal 8, posted on 2022, January 5th.
The Super Login module enables users to login with an email address. But the module does not sufficiently check if a user account is active when using email login. This vulnerability is mitigated by the fact that an attacker must have an account on the website that is blocked.
Solution
Install the latest version: If you use the Super Login module for Drupal 8.x, upgrade to Super Login 8.x-1.7.
ASK: Drupal Community Needs Your Support
View all →
Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please reach out to us at #thedroptimes channel on Drupal Slack and we will try to address the issue as best we can.
You may also like
