Tuesday, 13 March 2012

[EN] Drupal 7.12 user-enumeration

Yep, another day of testing Drupal code, and today I found user-enumeration bug.

Drupal seems to be vulnerable to user enumeration but this vulnerability is dedicated to logged-in users only:)

If You want to check it at Your installation, let me know ... ;)
Just like it was with Wordpress bugs.

I will present more technical details in April.

Maybe this one today:


 Questions? Priv.

No comments:

Post a Comment

What do You think...?