Insecure session management in drupal/login_time_restriction
Description
This module enables you to apply time-based login restrictions and display related warning or logout confirmation pages.
The module doesn't sufficiently protect its confirmation routes from cross-site request forgery (CSRF), allowing the logout confirmation route to be triggered without user interaction.
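The class of fix for a route like this, shown as an added configuration example that is not the module's own code. The route names, path and controller class are hypothetical, and the page does not show the module's actual routes or patch.

```yaml
# Hypothetical routing file for illustration; route names, path and
# controller class are assumptions, not the module's real definitions.
# The two entries are alternatives: a real file would contain only one.

# Weak: a plain GET to this path ends the session. Nothing ties the
# request to the user's own session, so a cross-site request is enough.
example_module.logout_confirm_weak:
  path: '/example/logout-confirm'
  defaults:
    _controller: '\Drupal\example_module\Controller\ExampleController::logout'
    _title: 'Log out'
  requirements:
    _user_is_logged_in: 'TRUE'

# Hardened: the _csrf_token requirement makes Drupal deny access unless
# the URL carries a valid per-session "token" query parameter. URLs built
# through Drupal's URL generator get the token added automatically;
# URLs constructed on another site do not have it.
example_module.logout_confirm:
  path: '/example/logout-confirm'
  defaults:
    _controller: '\Drupal\example_module\Controller\ExampleController::logout'
    _title: 'Log out'
  requirements:
    _user_is_logged_in: 'TRUE'
    _csrf_token: 'TRUE'
```

A confirmation page built as a Drupal form and submitted by POST is protected in a similar way by the Form API's form token for authenticated users.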
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| packagist | 1.0.3 |
Aliases