Primary

Context

Drupal Protected Pages Brute Force Vulnerability

Vulnerability

Patched

A vulnerability allowing brute force attacks has been identified in the Drupal Protected Pages module, affecting versions prior to 1.8.0. The issue arises because the module does not limit the number of password attempts, allowing attackers to repeatedly guess passwords. This vulnerability is somewhat mitigated by the requirement to know the specific URL of the protected page.

Impact

Exploitation of this vulnerability could lead to unauthorized access bypass, allowing attackers to access protected pages without proper authentication.

Remediation

Users of the Protected Pages module for Drupal 8.x should upgrade to Protected Pages 8.x-1.8.

Added: Oct 10, 2025, 11:18 PM

Updated: Oct 10, 2025, 11:18 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

5.0

exploitability

6.8

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

5.0

exploitability

6.8

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Drupal Protected Pages Brute Force Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Drupal Protected Pages

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating