Mail Login - Critical - Access bypass - SA-CONTRIB-2023-045

Project: Mail LoginDate: 2023-September-13Security risk: Critical 16∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypassAffected versions: <2.8.0Description: This module enables users to log in by email address with minimal configurations.
Drupal core contains protection against brute force attacks via a flood control mechanism. This module's functionality did not replicate the flood control, enabling brute force attacks.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article