• Welcome to Web Hosting Community Forum for Webmasters - Web hosting Forum.
 

Recommended Providers

Fully Managed WordPress Hosting
lc_banner_leadgen_3
Fully Managed WordPress Hosting

WordPress Theme

Divi WordPress Theme
WPZOOM

Forum Membership

Forum Membership

Drupal Patches Flaw That Allowed Hackers to Forge Password Reset URLs

Started by Kailash, March 20, 2015, 11:07:23 PM

Kailash

Drupal has released an update to address two critical vulnerabilities present in all version prior to 6.35 and 7.35. The vulnerabilities were as follow:

- Access bypass (Password reset URLs – Drupal 6 and 7)
- Open redirect (Several vectors including the "destination" URL parameter – Drupal 6 and 7)

For complete description of this vulnerabilities, kindly refer Drupal security advisories.

If you are using Drupal, it is highly recommended that you upgrade to version 6.35 (if you are using 6.x version) or 7.35 (if you are using Drupal 7.x version).

- Kailash