IP Authentication Vulnerability in Secure Site Module for Drupal
CVE-2008-0568

Currently unrated

Key Information:

Vendor: Drupal
Status: Secure Site Module
Vendor: CVE Published:; 5 February 2008

Summary

The IP-authentication feature in the Secure Site module for Drupal contains an unspecified vulnerability that may allow remote attackers to exploit the authentication process. By gaining access through a shared proxy server, attackers can potentially assume the privileges of authenticated users, leading to unauthorized actions within the web application. This flaw underscores the importance of securing user authentication mechanisms and reviewing the trust relationship with proxy servers.

References

http://www.vupen.com/english/advisories/2008/0377/references

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/27543

vdb-entryx_refsource_BID

http://secunia.com/advisories/28732

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 5, 2008
Vulnerability Reserved
Feb 4, 2008