Computer Emergency Response Team of Mauritius (CERT-MU)

Critical Drupal vulnerability patched — update your website now


The Drupal Security Team has released a critical software update for the Drupal Content Management System (CMS). Users with websites running either Drupal 6 or Drupal 7 are urged to upgrade immediately. The most serious issue is a vulnerability in Drupal's OpenID module, a single-sign-on extension for the CMS that allows users to log in using OpenID. Attackers can exploit this bug to impersonate other users, including all-powerful administrators, and thereby gain control of an unpatched website. Websites with the OpenID module enabled should see the option “Log in with OpenID” underneath the username and password fields on the login page. Three other less critical bugs were identified: two open redirect vulnerabilities that could allow crooks to send unsuspecting users off to booby-trapped sites, and a bug that could let users take unauthorised peeks at each other’s private information.
 
Source:
 
Drupal
 
Naked Security Sophos
 
IT Security News Info
 
Team Cymru
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis