CVE-2013-2197

Login Security 6.x-1.x < 6.x-1.3 and 7.x-1.x < 7.x-1.3 - Denial of Service via Login Delay Option

Title source: llm
STIX 2.1

Description

The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a large number of failed login attempts.

References (4)

Core 4
Core References
Vendor Advisory x_refsource_misc
https://drupal.org/node/2023585
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/06/20/3
Patch x_refsource_confirm
https://drupal.org/node/2023507
Patch x_refsource_confirm
https://drupal.org/node/2023503

Scores

EPSS 0.0134
EPSS Percentile 67.9%

Details

CWE
CWE-119
Status published
Products (9)
login_security_project/login_security 6.x-1.0 (3 CPE variants)
login_security_project/login_security 6.x-1.1
login_security_project/login_security 6.x-1.2
login_security_project/login_security 6.x-1.3
login_security_project/login_security 6.x-1.x dev
login_security_project/login_security 7.x-1.0
login_security_project/login_security 7.x-1.1
login_security_project/login_security 7.x-1.2
login_security_project/login_security 7.x-1.x dev
Published Aug 28, 2013
Tracked Since Feb 18, 2026