Drupal Persistent Login Insufficient Session Expiration Vulnerability Allowing Forceful Browsing

Vulnerability

A vulnerability allowing forceful browsing has been identified in the Drupal Persistent Login module, versions prior to 1.8.0 and 2.0.* prior to 2.2.2. This vulnerability arises from insufficient session expiration, which can be exploited to bypass normal access controls.

Impact

Exploitation of this vulnerability could lead to unauthorized access to user accounts by allowing attackers to hijack active sessions.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 6.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.