CVE-2013-4177

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Ga_login	Google_authenticator_login_project	6.x-1.0-alpha1 (including)	6.x-1.0-alpha1 (including)
Ga_login	Google_authenticator_login_project	6.x-1.0-beta1 (including)	6.x-1.0-beta1 (including)
Ga_login	Google_authenticator_login_project	6.x-1.0-beta2 (including)	6.x-1.0-beta2 (including)
Ga_login	Google_authenticator_login_project	6.x-1.1 (including)	6.x-1.1 (including)
Ga_login	Google_authenticator_login_project	6.x-1.x-dev (including)	6.x-1.x-dev (including)
Ga_login	Google_authenticator_login_project	7.x-1.0 (including)	7.x-1.0 (including)
Ga_login	Google_authenticator_login_project	7.x-1.0-beta1 (including)	7.x-1.0-beta1 (including)
Ga_login	Google_authenticator_login_project	7.x-1.0-dev (including)	7.x-1.0-dev (including)
Ga_login	Google_authenticator_login_project	7.x-1.1 (including)	7.x-1.1 (including)
Ga_login	Google_authenticator_login_project	7.x-1.2 (including)	7.x-1.2 (including)
Ga_login	Google_authenticator_login_project	7.x-1.3 (including)	7.x-1.3 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4177
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References