Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Project:
Date:
2025-August-27
Vulnerability:
Access bypass
Affected versions:
<2.1.8
CVE IDs:
CVE-2025-8093
Description:
This module allows users to setup two-factor authentication (2FA) using authenticator apps for enhanced login security.
The module did not protect all possible login paths provided by core modules.
CVSS risk score (experimental) 6.3 / Medium
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Solution:
Install the latest version:
- If you use the Alogin module for Drupal 10^, upgrade to Alogin 2.1.8
Reported By:
Fixed By:
- Ahmed Raza (ahmed.raza)
- Pierre Rudloff (prudloff), provisional member of the Drupal Security Team
Coordinated By:
- Damien McKenna (damienmckenna) of the Drupal Security Team
- Greg Knaddison (greggles) of the Drupal Security Team
- Drew Webber (mcdruid) of the Drupal Security Team
- Juraj Nemec (poker10) of the Drupal Security Team
- Cathy Theys (yesct) of the Drupal Security Team
