Mass Password Reset - Less critical - Insecure Randomness - SA-CONTRIB-2018-043

Project: Mass Password Reset
Version: 7.x-1.0
Date: 2018-June-27
Security risk: *Less critical* 9∕25
Vulnerability: Insecure Randomness

Description

 
This module enables you to reset passwords for all users based upon their
user role.

The module doesn't use a strong source of randomness, creating weak and
predictable passwords.

This vulnerability is mitigated by the fact that the site must be configured
to reveal the password to the attacker, which is a common configuration.

Solution

Install the latest version:

* If you use the Mass Password Reset module for Drupal 7.x, upgrade to Mass
Password Reset 7.x-1.1

Also see the Mass Password Reset project page.

Add new comment