Lucene search
HistoryMar 27, 2013 - 9:55 p.m.
CVE-2013-0258
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.7 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.8%
The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username.
Affected configurations
Node
google_authenticator_login_projectga_loginMatch7.x-1.0
ORgoogle_authenticator_login_projectga_loginMatch7.x-1.0beta1
ORgoogle_authenticator_login_projectga_loginMatch7.x-1.0dev
ORgoogle_authenticator_login_projectga_loginMatch7.x-1.1
ORgoogle_authenticator_login_projectga_loginMatch7.x-1.2
drupaldrupalMatch-
Related
drupal
drupal
SA-CONTRIB-2013-012 - Google Authenticator login - Access Bypass
2013-01-30 00:00:00
cvelist
cvelist
CVE-2013-0258
2022-10-03 16:15:04
CVE-2012-6140
2013-04-24 10:00:00
cve
cve
CVE-2013-0258
2022-10-03 16:15:04
CVE-2012-6140
2013-04-24 10:28:37
prion
prion
Authentication flaw
2013-03-27 21:55:00
Design/Logic Flaw
2013-04-24 10:28:00
ubuntucve
ubuntucve
CVE-2012-6140
2013-04-24 00:00:00
nvd
nvd
CVE-2012-6140
2013-04-24 10:28:37
debiancve
debiancve
CVE-2012-6140
2013-04-24 10:28:37
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.7 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.8%
Related for NVD:CVE-2013-0258