Vigil@nce - Drupal Secure Pages: SSL not used
November 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can capture sensitive information, even if Drupal
Secure Pages is used.
Impacted products: Drupal Modules
Severity: 2/4
Creation date: 07/11/2013
DESCRIPTION OF THE VULNERABILITY
The Secure Pages module forces the usage of SSL/TLS.
However, not all pages use SSL/TLS.
An attacker can therefore capture sensitive information, even if
Drupal Secure Pages is used.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Drupal-Secure-Pages-SSL-not-used-13719