Login Alert - Moderately critical - Access bypass - SA-CONTRIB-2019-013

Project: Login AlertDate: 2019-February-06Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:AllVulnerability: Access bypassDescription: This module provides a field on user profiles which allows users to get a notification when their account logs in to the site. The notification e-mail includes a link which will terminate all sessions for that user. This is useful in the case of unauthorised access to the account.
The module doesn't employ sufficient randomness in the generation of URLs, which represents an Access Bypass vulnerability.Solution: Install the latest version:

Also see the Login Alert project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2019-013