Drupal One Time Password Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability allowing capture-replay attacks has been identified in the Drupal One Time Password module, versions prior to 1.3.0. This vulnerability enables remote services to exploit stolen credentials.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized access to services or functionalities that require user authentication.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Drupal One Time Password Authentication Bypass Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating