[Security-news] SA-CONTRIB-2009-015 - Tokenauth - Access bypass

security-news at drupal.org
Wed Mar 25 20:41:32 UTC 2009


  * Advisory ID: DRUPAL-SA-CONTRIB-2009-015
  * Project: Token authentication (third-party module)
  * Version: 6.x
  * Date: 2009-March-25
  * Security risk: Less critical
  * Exploitable from: Remote
  * Vulnerability: Access bypass

-------- DESCRIPTION ---------------------------------------------------------

The Token authentication module allows access to RSS feeds via a token,
without having to provide your username and password to the site. Token
authentication did not properly use the Drupal Form API, which would allow a
malicious user to learn the site administrator's token, giving them the
ability to read any node on the site via an RSS feed.

-------- VERSIONS AFFECTED ---------------------------------------------------

  * Token authentication 6.x-1.x prior to 6.x-1.1

Token authentication for Drupal 5.x is not affected by this vulnerability.
Drupal core is not affected. If you do not use the contributed Token
authentication module, there is nothing you need to do.

-------- SOLUTION ------------------------------------------------------------

Upgrade to the latest version:
  * If you use Token authentication 6.x-1.x, upgrade to Token authentication
    6.x-1.1 [1]

See also the Token authentication project page [2].

-------- REPORTED BY ---------------------------------------------------------

Stéphane Corlosquet [3] of the Drupal Security Team [4].

-------- FIXED BY ------------------------------------------------------------

Stéphane Corlosquet [5] of the Drupal Security Team [6].

-------- CONTACT -------------------------------------------------------------

The security contact for Drupal can be reached at security at drupal.org or
via the form at http://drupal.org/contact.

[1] http://drupal.org/node/413728
[2] http://drupal.org/project/tokenauth
[3] http://drupal.org/user/52142
[4] http://drupal.org/security-team
[5] http://drupal.org/user/52142
[6] http://drupal.org/security-team


