Drupal Access Code Module Brute Force Vulnerability

Vulnerability

A brute force vulnerability has been identified in the Drupal Access Code module, affecting versions prior to 2.0.5. The module lets users log in with an access code instead of a traditional username and password. The issue arises from improper restriction of authentication attempts. Access codes must be unique, so when users are allowed to create their own codes, the notification about whether a chosen code is available reveals whether that code is already in use, which lets a user guess the access codes of others. To exploit this vulnerability, an attacker must have a role that permits changing their own access code.

Impact

Exploitation of this vulnerability could lead to unauthorized access: a user who correctly guesses another user's access code can take over that account.

Remediation

Users of the Access Code module for Drupal should upgrade to version 2.0.5.
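
For sites that cannot upgrade immediately, the weakness described under "Vulnerability" can be modelled as below. This is an added example, not the Access Code module's code and not a description of how 2.0.5 fixes the issue; the class name, method names, return strings and thresholds are all hypothetical. It caps code-change attempts per account inside a time window, skips the uniqueness lookup once the cap is reached so no availability answer is returned, and records every collision for review.

```python
import time
from collections import defaultdict, deque


class CodeChangeGuard:
    """Hypothetical model: throttles self-service access-code changes per account."""

    def __init__(self, max_attempts=5, window_seconds=3600, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.clock = clock
        self.owner_of = {}                  # access code -> owning account
        self.attempts = defaultdict(deque)  # account -> timestamps of recent attempts
        self.collisions = []                # (account, time) where a code was taken

    def change_code(self, account, new_code):
        now = self.clock()
        recent = self.attempts[account]
        # Forget attempts that have aged out of the window.
        while recent and recent[0] <= now - self.window:
            recent.popleft()
        # Every attempt, successful or not, answers "is this code in use?",
        # so all attempts count. Once capped, do not consult the code table.
        if len(recent) >= self.max_attempts:
            return "locked"
        recent.append(now)
        holder = self.owner_of.get(new_code)
        if holder is not None and holder != account:
            # A collision means the requester now knows a valid code: record it.
            self.collisions.append((account, now))
            return "rejected"
        # Release the account's previous code, then assign the new one.
        for code in [c for c, a in self.owner_of.items() if a == account]:
            del self.owner_of[code]
        self.owner_of[new_code] = account
        return "changed"


if __name__ == "__main__":
    # Constructed sample data: one existing user, one account probing for codes.
    guard = CodeChangeGuard(max_attempts=3, window_seconds=60)
    guard.owner_of["alice-code"] = "alice"
    for guess in ("g1", "g2", "g3", "alice-code"):
        print(guess, guard.change_code("mallory", guess))
    print("collisions recorded:", guard.collisions)
```

Throttling only slows guessing; a recorded collision still means the requester has learned a working code, so each entry in `collisions` is a reason to rotate the affected code.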

Added: Oct 30, 2025, 12:21 AM
Updated: Oct 30, 2025, 12:21 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.