CVE-2013-0258

EUVD-2013-0288
The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
google_authenticator_login_projectga_login
7.x-1.0:x
google_authenticator_login_projectga_login
7.x-1.0:x
google_authenticator_login_projectga_login
7.x-1.0:x
google_authenticator_login_projectga_login
7.x-1.1:x
google_authenticator_login_projectga_login
7.x-1.2:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1902102
http://drupal.org/node/1903282
http://drupalcode.org/project/ga_login.git/commitdiff/50b032d
http://www.openwall.com/lists/oss-security/2013/02/05/1
http://drupal.org/node/1902102
http://drupal.org/node/1903282
http://drupalcode.org/project/ga_login.git/commitdiff/50b032d
http://www.openwall.com/lists/oss-security/2013/02/05/1