• Welcome to Web Hosting Community Forum for Webmasters - Web hosting Forum.

Drupal Patches Flaw That Allowed Hackers to Forge Password Reset URLs

Started by Kailash, March 20, 2015, 11:07:23 PM

WordPress Premium Themes


Drupal has released an update to address two critical vulnerabilities present in all version prior to 6.35 and 7.35. The vulnerabilities were as follow:

- Access bypass (Password reset URLs – Drupal 6 and 7)
- Open redirect (Several vectors including the "destination" URL parameter – Drupal 6 and 7)

For complete description of this vulnerabilities, kindly refer Drupal security advisories.

If you are using Drupal, it is highly recommended that you upgrade to version 6.35 (if you are using 6.x version) or 7.35 (if you are using Drupal 7.x version).

- Kailash

WordPress Premium Themes