Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Project:
Date:
2021-December-22
Vulnerability:
Access bypass
Affected versions:
<2.5.0
Description:
This modules enables users to login via email address.
This module does not sufficiently check user status when authenticating.
Solution:
Install the latest version:
- If you use the mail_login module for Drupal 8 or 9, upgrade to Mail Login 8.x-2.5
Reported By:
Fixed By:
Coordinated By:
- Chris of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team
- Damien McKenna of the Drupal Security Team
- Drew Webber of the Drupal Security Team