Super Login - Critical - Access bypass - SA-CONTRIB-2022-001

Project: Super Login
Date: 2022-January-05
Security risk: Critical 18∕25
Vulnerability: Access bypass

Description

This module enables you to log in with an email address.

The module doesn't sufficiently check if a user account is active when using email login.

This vulnerability is mitigated by the fact that an attacker must have a blocked account on the website.
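The following is an added illustration, not code from Super Login or from this advisory: a plain-PHP model of how an account-status check can be missing on an email login path, beside a form that applies the check to every identifier type. The function names, sample accounts and the branching on "@" are assumptions made for the example.

```php
<?php
// Constructed model of the flaw class; not Super Login's code.
// status follows Drupal's convention: 1 = active, 0 = blocked.
$users = [
    ['name' => 'alice', 'mail' => 'alice@example.test', 'status' => 1,
     'hash' => password_hash('alice-pass', PASSWORD_DEFAULT)],
    ['name' => 'bob', 'mail' => 'bob@example.test', 'status' => 0,
     'hash' => password_hash('bob-pass', PASSWORD_DEFAULT)],
];

function find_user(array $users, string $field, string $value): ?array {
    foreach ($users as $user) {
        if (strcasecmp($user[$field], $value) === 0) {
            return $user;
        }
    }
    return null;
}

// Flawed shape: the status check sits only in the username branch.
function login_flawed(array $users, string $id, string $pass): bool {
    if (strpos($id, '@') !== false) {
        $user = find_user($users, 'mail', $id);
    } else {
        $user = find_user($users, 'name', $id);
        if ($user !== null && $user['status'] !== 1) {
            return false;
        }
    }
    return $user !== null && password_verify($pass, $user['hash']);
}

// Hardened shape: resolve the account first, then check status once for every path.
function login_hardened(array $users, string $id, string $pass): bool {
    $field = strpos($id, '@') !== false ? 'mail' : 'name';
    $user = find_user($users, $field, $id);
    if ($user === null || $user['status'] !== 1) {
        return false;
    }
    return password_verify($pass, $user['hash']);
}

// Constructed cases: bob is blocked, alice is active.
$cases = [['bob', 'bob-pass'], ['bob@example.test', 'bob-pass'], ['alice@example.test', 'alice-pass']];
foreach ($cases as [$id, $pass]) {
    $flawed = var_export(login_flawed($users, $id, $pass), true);
    $hardened = var_export(login_hardened($users, $id, $pass), true);
    echo "$id: flawed=$flawed hardened=$hardened\n";
}
```

A regression test for any alternative login identifier should include a blocked account with valid credentials and assert that the login is refused.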

Solution

Install the latest version:

If you use the Super Login module for Drupal 8.x, upgrade to Super Login 8.x-1.7
