First published: Wed Mar 25 2015(Updated: )
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Debian Linux | =7.0 | |
Drupal Drupal | >=6.0<6.35 | |
Drupal Drupal | >=7.0<7.35 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.