CVE-2013-4177
First published: Thu May 29 2014(Updated: )
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Authenticator | =6.x-1.0-alpha1 | |
| Google Authenticator | =6.x-1.0-beta1 | |
| Google Authenticator | =6.x-1.0-beta2 | |
| Google Authenticator | =6.x-1.1 | |
| Google Authenticator | =6.x-1.x-dev | |
| Google Authenticator | =7.x-1.0 | |
| Google Authenticator | =7.x-1.0-beta1 | |
| Google Authenticator | =7.x-1.0-dev | |
| Google Authenticator | =7.x-1.1 | |
| Google Authenticator | =7.x-1.2 | |
| Google Authenticator | =7.x-1.3 | |
| Drupal | ||
| All of | ||
| Any of | ||
| Google Authenticator | =6.x-1.0-alpha1 | |
| Google Authenticator | =6.x-1.0-beta1 | |
| Google Authenticator | =6.x-1.0-beta2 | |
| Google Authenticator | =6.x-1.1 | |
| Google Authenticator | =6.x-1.x-dev | |
| Google Authenticator | =7.x-1.0 | |
| Google Authenticator | =7.x-1.0-beta1 | |
| Google Authenticator | =7.x-1.0-dev | |
| Google Authenticator | =7.x-1.1 | |
| Google Authenticator | =7.x-1.2 | |
| Google Authenticator | =7.x-1.3 | |
| Drupal |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-4177?
CVE-2013-4177 has been classified as a moderate severity vulnerability, allowing potential bypass of two-factor authentication.
How do I fix CVE-2013-4177?
To address CVE-2013-4177, upgrade to version 6.x-1.2 or 7.x-1.4 or later of the Google Authenticator login module.
What versions are affected by CVE-2013-4177?
CVE-2013-4177 affects Google Authenticator login module versions 6.x-1.0-alpha1, 6.x-1.0-beta1, 6.x-1.0-beta2, 6.x-1.1, and all 7.x versions prior to 7.x-1.4.
Can CVE-2013-4177 lead to account compromise?
Yes, CVE-2013-4177 may allow remote attackers to bypass two-factor authentication and potentially compromise user accounts.
Is two-factor authentication still effective against CVE-2013-4177?
Two-factor authentication may not be effective against CVE-2013-4177 if the vulnerability is exploited, allowing attackers to bypass this security measure.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/google authenticator login project
- canonical/google authenticator
- version/google authenticator/6.x-1.0-alpha1
- version/google authenticator/6.x-1.0-beta1
- version/google authenticator/6.x-1.0-beta2
- version/google authenticator/6.x-1.1
- version/google authenticator/6.x-1.x-dev
- version/google authenticator/7.x-1.0
- version/google authenticator/7.x-1.0-beta1
- version/google authenticator/7.x-1.0-dev
- version/google authenticator/7.x-1.1
- version/google authenticator/7.x-1.2
- version/google authenticator/7.x-1.3
- vendor/drupal
- canonical/drupal