Drupal Spots Out A Critical Vulnerability- Password Reset URLs

Drupal, being one of the widely used content management systems is commending the users to get their software updated to the latest versions (6.35 and 7.35) when it came to know about two susceptibilities that would allow attackers to hack Drupal websites. According to a recently published security advisory, a defect found in Drupal core could allow a prospective hacker to avoid the security restrictions by building password reset URLs.

Password reset URLs vulnerability:

  • Hackers try to glean the usage of this vulnerability to the fullest extent in order to gain the unauthorized access to some user accounts without even knowing their password.
  • This susceptibility is considered as moderately critical where the attacker will be having a chance to deceive a registered Drupal user like administrator, by launching a spitefully crafted URL to take the control of the target server. 

Exploiting access bypass vulnerability:

  • The websites which are running Drupal 6 are at a greater risk as the administrators of the websites have created several new user accounts protected by the same password. But in Drupal 7, exploiting password reset vulnerability becomes slightly difficult. Because it is possible only if the account importing process results in password hash in the database for several user accounts.
  • The exploitation of this vulnerability becomes easy for Drupal 6 websites the user accounts will be imported or programmatically edited in such a way that the password hash field in the database staying empty at least for a single user account.
  • The websites running Drupal 6 with empty password hashes or a password field with a guessable string in the database are highly liable to this vulnerability. This could also apply to the sites which use external authentication so that the password field is set to a fixed value. 

Open redirect vulnerability

  • Here the attackers manipulate the destination parameter to exploit this vulnerability, where the users will be redirected into a third party website with some malicious content.
  • According to Drupal, there are some several URL-related API functions in affected versions of Drupal 6 and 7. These functions allow hackers to pass through the external URLs; this would lead to some additional open redirect vulnerabilities.
  • This open redirect vulnerability is diminished by the fact that several common uses of destination parameter are not prone to the attack. But, all the confirmation forms built using Drupal 7’s API are prone to attack via ‘Cancel’ action that appears at the bottom of the form. Few forms built using Drupal 6 are also vulnerable.
  • This is actually a serious issue because Drupal is being used to power more than 1 billion websites on the internet. Drupal is actually in the third place where WordPress and Joomla are in the first and second place respectively.

Our team of web developers at Fortune Softtech would like to welcome you to our humble web-abode. Fortune Softtech is a Drupal website development firm in Indianapolis; we are specialized in professional and custom designed websites for both corporate and personal businesses. Kindly leave us a query for any assistance on web development.

Request For Proposal

Why Fortune Softtech?

  • Save your project cost up to 40%
  • Hire Remote Web Developers & Web Designers
  • New York Based Project Management
  • 50 plus strong off shore development team based in Bangalore, India
  • Innovative team members with Web 2.0 expertise
  • Quality Driven Delivery Model
  • Detail Time Sheet & Daily Reporting
  • WordPress Development in Indianapolis
  • Drupal Development in Indianapolis
  • Joomla Development in Indianapolis
  • eCommerce Magento Indianapolis
  • Web Development Indianapolis
  • Web Design Indianapolis
  • jQuery development Indianapolis
  • Zend framework development Indianapolis
  • Airline IBE GDS Integration Navitaire Indianapolis
  • Airline IBE GDS Integration Amadeus Indianapolis