This module provides a field on user profiles which allows users to get a notification when their account logs in to the site. The notification e-mail includes a link which will terminate all sessions for that user. This is useful in the case of unauthorised access to the account.
The module doesn't employ sufficient randomness in the generation of URLs, which represents an Access Bypass vulnerability.
Install the latest version:
- If you use the Login Alert module for Drupal 8.x, upgrade to Login Alert 8.x-1.3
Also see the Login Alert project page.
- Drew Webber provisional member of the Drupal Security Team
- Drew Webber provisional member of the Drupal Security Team
- Greg Knaddison member of the Drupal Security Team