MidnightBSD

Advisories for login_security_project

CVE-2013-2197 MEDIUM

The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a large number of failed login attempts.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
login_security_project login_security 6.x-1.1
login_security_project login_security 7.x-1.1
login_security_project login_security 6.x-1.3
login_security_project login_security 6.x-1.0
login_security_project login_security 6.x-1.x
login_security_project login_security 7.x-1.2
login_security_project login_security 7.x-1.0
login_security_project login_security 6.x-1.2
login_security_project login_security 7.x-1.x
CVE-2013-2198 HIGH

The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
login_security_project login_security 6.x-1.0
login_security_project login_security 6.x-1.x
login_security_project login_security 7.x-1.x
login_security_project login_security *