Super Login - Critical - Access bypass - SA-CONTRIB-2022-001
Project: Super Login
Date: 2022-January-05
Security risk: Critical 18∕25
Vulnerability: Access bypass
Description
This module enables you to login with an email address.
The module doesn't sufficiently check if a user account is active when using email login.
This vulnerability is mitigated by the fact that an attacker must have an account in the website that is blocked.
Solution
Install the latest version:
If you use the Super Login module for Drupal 8.x, upgrade to Super Login 8.x-1.7
We value your opinion. Please add your feedback.