CVE-2009-2291 - OpenCVE

Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Chad Phillips	Logintoboggan
Drupal	Drupal

Configuration 1 [-]

AND

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.0:::::::*
	cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.1:::::::*
	cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.2:::::::*
	cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.3:::::::*
	cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.4:::::::*
	cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.x::dev:::::
	cpe:2.3:a:chad_phillips:logintoboggan:6.x-2.x::dev:::::

No data.

References

Link	Providers
http://drupal.org/node/461662
http://drupal.org/node/461682
http://secunia.com/advisories/35081
http://www.osvdb.org/54428
http://www.securityfocus.com/bid/34945
http://www.vupen.com/english/advisories/2009/1312

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-07-01T12:26:00Z

Updated: 2024-09-17T03:28:02.929Z

Reserved: 2009-07-01T00:00:00Z

Link: CVE-2009-2291

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2009-07-01T13:00:01.907

Modified: 2009-07-01T13:00:01.907

Link: CVE-2009-2291

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when \"Allow users to login using their e-mail address\" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-07-01T12:26:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "34945", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34945"}, {"name": "54428", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/54428"}, {"name": "35081", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35081"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/461662"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/461682"}, {"name": "ADV-2009-1312", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1312"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2291", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when \"Allow users to login using their e-mail address\" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "34945", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34945"}, {"name": "54428", "refsource": "OSVDB", "url": "http://www.osvdb.org/54428"}, {"name": "35081", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35081"}, {"name": "http://drupal.org/node/461662", "refsource": "CONFIRM", "url": "http://drupal.org/node/461662"}, {"name": "http://drupal.org/node/461682", "refsource": "CONFIRM", "url": "http://drupal.org/node/461682"}, {"name": "ADV-2009-1312", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1312"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:44:55.919Z"}, "title": "CVE Program Container", "references": [{"name": "34945", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34945"}, {"name": "54428", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/54428"}, {"name": "35081", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35081"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/461662"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/461682"}, {"name": "ADV-2009-1312", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1312"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2291", "datePublished": "2009-07-01T12:26:00Z", "dateReserved": "2009-07-01T00:00:00Z", "dateUpdated": "2024-09-17T03:28:02.929Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9CA1B3B3-F3E0-4201-853D-2CF762A843B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1275432-7063-4AC4-88AD-39C4E803997C", "vulnerable": true}, {"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1DECE092-9862-4EF2-9343-9AE75492C5C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA09DE25-32A1-4F73-88C1-6A3C2FD71AF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "75263666-2F4E-4291-ACED-EF2A30337E67", "vulnerable": true}, {"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.x:*:dev:*:*:*:*:*", "matchCriteriaId": "C8E2341C-890D-47BD-97CE-85A0D397415D", "vulnerable": true}, {"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-2.x:*:dev:*:*:*:*:*", "matchCriteriaId": "921A742C-7A0F-4BC7-9909-D0312EE90318", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when \"Allow users to login using their e-mail address\" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en el m\u00f3dulo para Drupal LoginToboggan v6.x-1.x anterior a v6.x-1.5, cuando \"Se permite el login de usuarios usando la direcci\u00f3n de correo electr\u00f3nico\", permite a usuarios remotos bloqueados evitar las restricciones de acceso a trav\u00e9s de vectores no especificados."}], "id": "CVE-2009-2291", "lastModified": "2009-07-01T13:00:01.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-07-01T13:00:01.907", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/461662"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/461682"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35081"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/54428"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/34945"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1312"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}