CVE-2025-8093
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-10
Last updated on: 2026-01-05
Assigner: Drupal.org
Description
Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.8.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| authenticator_login_project | authenticator_login | to 2.1.8 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Authentication Bypass Using an Alternate Path or Channel in the Drupal Authenticator Login module. It allows an attacker to bypass the normal authentication process, potentially gaining unauthorized access.
How can this vulnerability impact me? :
This vulnerability can allow unauthorized users to bypass authentication controls, potentially leading to unauthorized access to sensitive information or administrative functions within a Drupal site using the affected Authenticator Login versions.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70