Drupal – Login Exposed

Description

During the scan, Kayran detected that the Drupal login page is exposed (hence Drupal – Login Exposed).
The admin's login page is accessible from any IP address.

An attacker could exploit this finding to perform brute-force attacks against users, which, if successful, could have devastating results.
The attacker can also use the page as a model for a similar phishing page in order to obtain an admin's or user's login credentials.

Recommendation

To fix Drupal – Login Exposed, restrict access to the login page.
Try to block this section entirely for any unauthorized IP addresses.
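
One way to apply this restriction, shown as an added example that is not part of the original finding: it assumes the site is served by nginx with PHP-FPM, and the server name, docroot, socket path and allowed addresses (RFC 5737 documentation ranges) are placeholders.

```nginx
server {
    listen 80;
    server_name drupal.example;          # placeholder host name
    root /var/www/drupal/web;            # assumed docroot
    index index.php;

    # Login and password-reset forms, with or without the /index.php prefix.
    # /user is included because it shows or redirects to the login form
    # for anonymous visitors.
    location ~* ^(/index\.php)?/user(/(login|password))?/?$ {
        allow 203.0.113.0/24;            # assumed office / VPN egress range
        allow 198.51.100.17;             # assumed bastion host
        deny  all;                       # every other source gets 403

        # The access check above runs before this hand-off to Drupal.
        try_files $uri /index.php?$query_string;
    }

    # Rest of the site stays public.
    location / {
        try_files $uri /index.php?$query_string;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed PHP-FPM socket
    }
}
```

Behind a reverse proxy or CDN, `allow` and `deny` see the proxy's address, so the real client address has to be restored first (for example with `set_real_ip_from` and `real_ip_header` from `ngx_http_realip_module`). On Drupal 7 the same form is also reachable as `index.php?q=user/login`, which a path-based `location` does not match and has to be covered separately.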

References

https://www.drupal.org/security
