Mail Login - Moderately critical - Access bypass - SA-CONTRIB-2023-048

Project: Mail LoginDate: 2023-October-04Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:AllVulnerability: Access bypassAffected versions: <2.9.0Description: This module enables users to log in by email address with minimal configurations.
Drupal core contains protection against brute force attacks via a flood control mechanism. This module's functionality did not replicate the flood control, enabling brute force attacks.
A previous security advisory, SA-CONTRIB-2023-45, was released for this issue, but that release did not successfully address the vulnerability. This security advisory and updated module version supersede the previous one.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article