Web Hosting Community Forum for Webmasters - Web hosting Forum

Web Hosting Main Forums => Hosting Security and Technology => Vulnerabilities => Topic started by: Kailash on March 20, 2015, 11:07:23 PM

Title: Drupal Patches Flaw That Allowed Hackers to Forge Password Reset URLs
Post by: Kailash on March 20, 2015, 11:07:23 PM
Drupal has released an update to address two critical vulnerabilities present in all versions prior to 6.35 and 7.35. The vulnerabilities were as follows:

- Access bypass (Password reset URLs – Drupal 6 and 7)
- Open redirect (Several vectors including the "destination" URL parameter – Drupal 6 and 7)

For a complete description of these vulnerabilities, kindly refer to the Drupal security advisories (http://news.webhostingdiscussion.net/drupal-patches-allowed-hackers-to-forge-password-reset-urls.htm).

If you are using Drupal, it is highly recommended that you upgrade to version 6.35 (if you are using a 6.x version) or 7.35 (if you are using a Drupal 7.x version).

- Kailash