CVE-2013-0258

The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
google_authenticator_login_projectga_login
7.x-1.0:x
google_authenticator_login_projectga_login
7.x-1.0:x
google_authenticator_login_projectga_login
7.x-1.0:x
google_authenticator_login_projectga_login
7.x-1.1:x
google_authenticator_login_projectga_login
7.x-1.2:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1902102
http://drupal.org/node/1903282
http://drupalcode.org/project/ga_login.git/commitdiff/50b032d
http://www.openwall.com/lists/oss-security/2013/02/05/1
http://drupal.org/node/1902102
http://drupal.org/node/1903282
http://drupalcode.org/project/ga_login.git/commitdiff/50b032d
http://www.openwall.com/lists/oss-security/2013/02/05/1