CVE-2009-2291 - Vulnerability Details - OpenCVE

Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00598.

Key SSVC decision points have not yet been added.

Vendors	Products
Chad Phillips	Logintoboggan
Drupal	Drupal

Configuration 1 [-]

AND

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.0:::::::*
	cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.1:::::::*
	cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.2:::::::*
	cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.3:::::::*
	cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.4:::::::*
	cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.x::dev:::::
	cpe:2.3:a:chad_phillips:logintoboggan:6.x-2.x::dev:::::

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://drupal.org/node/461662
http://drupal.org/node/461682
http://secunia.com/advisories/35081
http://www.osvdb.org/54428
http://www.securityfocus.com/bid/34945
http://www.vupen.com/english/advisories/2009/1312

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-07-01T12:26:00Z

Updated: 2024-09-17T03:28:02.929Z

Reserved: 2009-07-01T00:00:00Z

Link: CVE-2009-2291

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-07-01T13:00:01.907

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-2291

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when \"Allow users to login using their e-mail address\" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-07-01T12:26:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "34945", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34945"}, {"name": "54428", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/54428"}, {"name": "35081", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35081"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/461662"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/461682"}, {"name": "ADV-2009-1312", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1312"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2291", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when \"Allow users to login using their e-mail address\" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "34945", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34945"}, {"name": "54428", "refsource": "OSVDB", "url": "http://www.osvdb.org/54428"}, {"name": "35081", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35081"}, {"name": "http://drupal.org/node/461662", "refsource": "CONFIRM", "url": "http://drupal.org/node/461662"}, {"name": "http://drupal.org/node/461682", "refsource": "CONFIRM", "url": "http://drupal.org/node/461682"}, {"name": "ADV-2009-1312", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1312"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:44:55.919Z"}, "title": "CVE Program Container", "references": [{"name": "34945", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34945"}, {"name": "54428", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/54428"}, {"name": "35081", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35081"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/461662"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/461682"}, {"name": "ADV-2009-1312", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1312"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2291", "datePublished": "2009-07-01T12:26:00Z", "dateReserved": "2009-07-01T00:00:00Z", "dateUpdated": "2024-09-17T03:28:02.929Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9CA1B3B3-F3E0-4201-853D-2CF762A843B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1275432-7063-4AC4-88AD-39C4E803997C", "vulnerable": true}, {"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1DECE092-9862-4EF2-9343-9AE75492C5C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA09DE25-32A1-4F73-88C1-6A3C2FD71AF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "75263666-2F4E-4291-ACED-EF2A30337E67", "vulnerable": true}, {"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.x:*:dev:*:*:*:*:*", "matchCriteriaId": "C8E2341C-890D-47BD-97CE-85A0D397415D", "vulnerable": true}, {"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-2.x:*:dev:*:*:*:*:*", "matchCriteriaId": "921A742C-7A0F-4BC7-9909-D0312EE90318", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when \"Allow users to login using their e-mail address\" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en el m\u00f3dulo para Drupal LoginToboggan v6.x-1.x anterior a v6.x-1.5, cuando \"Se permite el login de usuarios usando la direcci\u00f3n de correo electr\u00f3nico\", permite a usuarios remotos bloqueados evitar las restricciones de acceso a trav\u00e9s de vectores no especificados."}], "id": "CVE-2009-2291", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-07-01T13:00:01.907", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/461662"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/461682"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35081"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/54428"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/34945"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1312"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/461662"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/461682"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/54428"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/34945"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1312"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}