Drupal Login Security Module Security Bypass and Denial of Service Vulnerability
Login Security 6.x-1.x versions prior to 6.x-1.2.
Login Security 7.x-1.x versions prior to 7.x-1.2.
A security issue and a vulnerability have been reported in the Login Security module for Drupal
1) The security issue is caused due to an unspecified error and can be exploited to bypass the module features.
Successful exploitation requires the "soft blocking" feature to be disabled.
2) The vulnerability is caused due to an error within the delay feature and can be exploited to consume all web server instances via multiple failed login attempts.
Drupal Login Security Module can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).