This module enables you to reset passwords for all users based upon their user role.
The module doesn't use a strong source of randomness, creating weak and predictable passwords.
This vulnerability is mitigated by the fact that the site must be configured to reveal the password to the attacker, which is a common configuration.
Install the latest version:
- If you use the Mass Password Reset module for Drupal 7.x, upgrade to Mass Password Reset 7.x-1.1.
Also see the Mass Password Reset project page.
- Greg Knaddison of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team
- Mark Shropshire
- Greg Knaddison of the Drupal Security Team