Drupal is a CMS used to build everything from personal blogs to enterprise applications. It is highly flexible, with thousands of add-on modules and designs that let you build the website you have in mind. New major and minor versions and modules are released often. It is wise to update your website as soon as they are released, because they generally fix bugs or security vulnerabilities.
Drupal has recently released version 7.41, which fixes an open redirect security vulnerability. Before the fix, malicious attackers could harvest admin credentials through fake login pages. Researchers are also reportedly working on Drupal 8 security issues.
Drupal 7.41 Version
A vulnerability was reported in the Overlay module, which is included by default with Drupal installations. This module lets one open administrative pages from the website’s frontend, without the separate browser tab of the classic admin panel.
An open redirect occurs when an application redirects the user to a destination taken from a parameter value it accepts. Phishing attacks take advantage of this mechanism by redirecting users to malicious web pages without their knowledge. This vulnerability affected logged-in users. Drupal 7.41 comes with this security fix, and webmasters are advised to update their sites.
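A check for the parameter-driven redirect described above, as an added example that is not Drupal's code or its 7.41 fix. The origin `https://cms.example`, the `destination` parameter name and both function names are assumptions made for illustration.

```javascript
// Added example: accept a redirect target from a request parameter only when
// it stays on this site. SITE_ORIGIN and "destination" are assumed names.
const SITE_ORIGIN = 'https://cms.example';

// Returns a same-site path (path + query + fragment), or the fallback when
// the supplied value would send the user anywhere else.
function safeRedirectTarget(rawValue, fallback = '/') {
  if (typeof rawValue !== 'string' || rawValue.length === 0) return fallback;
  // Control characters and backslashes are rewritten by URL parsers
  // ("\" becomes "/"), so a value containing them is rejected outright.
  if (/[\u0000-\u001f\u007f\\]/.test(rawValue)) return fallback;
  let url;
  try {
    // Resolve relative values against the site, as a browser would.
    url = new URL(rawValue, SITE_ORIGIN + '/');
  } catch {
    return fallback;
  }
  // Compare scheme, host and port together; a prefix or substring match on
  // the host is not enough (cms.example.phish.example, cms.example@phish...).
  if (url.origin !== SITE_ORIGIN) return fallback;
  if (url.username || url.password) return fallback;
  // A path starting with "//" would be read as protocol-relative when it is
  // later placed in a Location header, so it is rejected as well.
  if (url.pathname.startsWith('//')) return fallback;
  return url.pathname + url.search + url.hash;
}

// Reads the redirect parameter from a request URL and validates it.
function resolveDestination(requestUrl) {
  const raw = new URL(requestUrl, SITE_ORIGIN).searchParams.get('destination');
  return safeRedirectTarget(raw);
}

// Constructed sample requests: one legitimate, three that leave the site.
const samples = [
  '/user/login?destination=admin/content',
  '/user/login?destination=https%3A%2F%2Fphish.example%2Fuser%2Flogin',
  '/user/login?destination=%2F%2Fphish.example%2Flogin',
  '/user/login?destination=https%3A%2F%2Fcms.example%2F%2Fphish.example',
];
for (const s of samples) console.log(s, '->', resolveDestination(s));
```

The comparison is made on the parsed origin and the returned value is the normalized path, so what reaches the `Location` header is never the raw parameter.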
Drupal 8 Version
Researchers recently discovered an XSS (cross-site scripting) vulnerability in Drupal 8.0.0-beta14. The vulnerability lies in the “\core\vendor\behat\mink\driver-testsuite\web-fixtures\issue130.php” file, which contains a GLOBAL variable that fails to sanitize the requested data. This enables attackers to execute malicious code by running a reflected XSS attack.
The Drupal team quickly fixed the issue, but one security researcher’s concern is that the bug was fixed using methods that are not recommended by the Open Web Application Security Project (OWASP) XSS Prevention Cheat Sheet or by Microsoft. Any security fixes your website requires should always be handled by experts. Drupal India is a leading Drupal web development company in India and abroad. We offer a full range of services for this platform to meet diverse business needs. Connect with us to design, develop, and maintain high-performance Drupal websites.