Home

Description

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.5.

PUBLISHED Reserved 2025-09-24 | Published 2025-10-29 | Updated 2025-10-30 | Assigner drupal

Problem types

CWE-307 Improper Restriction of Excessive Authentication Attempts

Product status

Default status
unaffected

0.0.0 (semver) before 2.0.5
affected

Credits

Pierre Rudloff (prudloff) finder

Gergely Lekli (glekli) remediation developer

Pierre Rudloff (prudloff) remediation developer

Greg Knaddison (greggles) coordinator

Pierre Rudloff (prudloff) coordinator

References

www.drupal.org/sa-contrib-2025-108

cve.org (CVE-2025-10928)

nvd.nist.gov (CVE-2025-10928)

Download JSON