CVE-2013-0258 - OpenCVE

The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Google Authenticator Login Project	Ga Login

Configuration 1 [-]

AND

OR	cpe:2.3:a:google_authenticator_login_project:ga_login:7.x-1.0:::::::*
	cpe:2.3:a:google_authenticator_login_project:ga_login:7.x-1.0:beta1::::::
	cpe:2.3:a:google_authenticator_login_project:ga_login:7.x-1.0:dev::::::
	cpe:2.3:a:google_authenticator_login_project:ga_login:7.x-1.1:::::::*
	cpe:2.3:a:google_authenticator_login_project:ga_login:7.x-1.2:::::::*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/1902102
http://drupal.org/node/1903282
http://drupalcode.org/project/ga_login.git/commitdiff/50b032d
http://www.openwall.com/lists/oss-security/2013/02/05/1

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-03-27T21:00:00Z

Updated: 2024-09-16T22:09:36.284Z

Reserved: 2012-12-06T00:00:00Z

Link: CVE-2013-0258

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-03-27T21:55:02.143

Modified: 2013-04-05T04:00:00.000

Link: CVE-2013-0258

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-03-27T21:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://drupal.org/node/1903282"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/ga_login.git/commitdiff/50b032d"}, {"name": "[oss-security] 20130204 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/02/05/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1902102"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0258", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupal.org/node/1903282", "refsource": "MISC", "url": "http://drupal.org/node/1903282"}, {"name": "http://drupalcode.org/project/ga_login.git/commitdiff/50b032d", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/ga_login.git/commitdiff/50b032d"}, {"name": "[oss-security] 20130204 Re: CVE request for Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/02/05/1"}, {"name": "http://drupal.org/node/1902102", "refsource": "CONFIRM", "url": "http://drupal.org/node/1902102"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:18:09.554Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://drupal.org/node/1903282"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupalcode.org/project/ga_login.git/commitdiff/50b032d"}, {"name": "[oss-security] 20130204 Re: CVE request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/02/05/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1902102"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0258", "datePublished": "2013-03-27T21:00:00Z", "dateReserved": "2012-12-06T00:00:00Z", "dateUpdated": "2024-09-16T22:09:36.284Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google_authenticator_login_project:ga_login:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1593C73-F1B6-4A8B-8DAE-C66FE555563E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google_authenticator_login_project:ga_login:7.x-1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9907AF35-E82F-4B69-AC66-712D0E06B808", "vulnerable": true}, {"criteria": "cpe:2.3:a:google_authenticator_login_project:ga_login:7.x-1.0:dev:*:*:*:*:*:*", "matchCriteriaId": "E9E6CBF0-1973-4130-A41F-AE03D1D3E421", "vulnerable": true}, {"criteria": "cpe:2.3:a:google_authenticator_login_project:ga_login:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4A022FA-FF85-4878-8CB4-1AB0530ABD12", "vulnerable": true}, {"criteria": "cpe:2.3:a:google_authenticator_login_project:ga_login:7.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9AB4FF45-C6BC-476F-A7B0-6D183AA52C0B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username."}, {"lang": "es", "value": "El m\u00f3dulo Google Authenticator login (ga_login) v7.x antes v7.x-1.3 para Drupal, cuando la autenticaci\u00f3n multi-factor est\u00e1 activada, permite a atacantes remotos evitar la autenticaci\u00f3n para las cuentas sin un token Autenticador asociado Google inicia la sesi\u00f3n con el nombre de usuario."}], "id": "CVE-2013-0258", "lastModified": "2013-04-05T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-27T21:55:02.143", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1902102"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1903282"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupalcode.org/project/ga_login.git/commitdiff/50b032d"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/02/05/1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}