View online: https://www.drupal.org/node/2915530 Project: netFORUM Authentication [1] Version: 7.x-1.0 Date: 2017-October-11 Security risk: *Moderately critical* 12∕25 AC:None/A:None/CI:None/II:None/E:Theoretical/TD:All [2] Vulnerability: Access Bypass Description:  The netFORUM Authentication module implements external authentication for users against netFORUM. The module does not correctly use flood control making it susceptible to brute force attacks. Solution:  Install the latest version: * If you use the netFORUM Authentication module for Drupal 7.x, upgrade to netFORUM Authentication 7.x-1.1 [3] Reported By:  * William Hurley [4] Coordinated By:  * Cash Williams [5] of the Drupal Security Team Fixed By:  * William Hurley [6] [1] https://www.drupal.org/project/netforum_authentication [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/project/netforum_authentication/releases/7.x-1.1 [4] https://www.drupal.org/user/wwhurley [5] https://www.drupal.org/u/cashwilliams [6] https://www.drupal.org/u/wwhurley