Drupal Patches Flaw That Allowed Hackers to Forge Password Reset URLs

[Kailash]

Drupal has released an update to address two critical vulnerabilities present in all version prior to 6.35 and 7.35. The vulnerabilities were as follow:

- Access bypass (Password reset URLs – Drupal 6 and 7)
- Open redirect (Several vectors including the "destination" URL parameter – Drupal 6 and 7)

For complete description of this vulnerabilities, kindly refer Drupal security advisories.

If you are using Drupal, it is highly recommended that you upgrade to version 6.35 (if you are using 6.x version) or 7.35 (if you are using Drupal 7.x version).

- Kailash