Bypassing Google Authenticator Login Vulnerability

Bypassing Google Authenticator Login Vulnerability

CVE-2013-0258 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username.

Learn more about our User Device Pen Test.