Tuesday 13 March 2012

[EN] Drupal 7.12 user-enumeration

Yep, another day of testing Drupal code, and today I found user-enumeration bug.

Drupal seems to be vulnerable to user enumeration but this vulnerability is dedicated to logged-in users only:)


If You want to check it at Your installation, let me know ... ;)
Just like it was with Wordpress bugs.


I will present more technical details in April.

Maybe this one today:


 ;)

 Questions? Priv.

No comments:

Post a Comment

What do You think...?