CVE-2026-15079 in Login Disable
Summary
by MITRE • 07/11/2026
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 07/11/2026
The improper restriction of excessive authentication attempts vulnerability in Drupal Login Disable represents a critical security weakness that directly enables brute force attacks against user accounts. This flaw exists within the login disable module version range from 0.0.0 through 2.1.4, where the system fails to adequately enforce rate limiting or account lockout mechanisms during authentication attempts. The vulnerability stems from insufficient validation of repeated login failures, allowing malicious actors to systematically test numerous password combinations without encountering effective barriers. This weakness aligns with CWE-307, which specifically addresses inadequate protection against brute force attacks through improper restriction of authentication attempts. The absence of proper rate limiting controls creates an environment where attackers can exploit the system using automated tools to cycle through common passwords or employ dictionary attacks. From an operational perspective, this vulnerability significantly increases the risk of unauthorized account access and potential system compromise, particularly when combined with weak password policies or credential reuse across multiple systems.
The technical implementation flaw manifests in the module's failure to maintain proper state tracking of failed authentication attempts or enforce time-based delays between successive login requests. Attackers can leverage this weakness by submitting multiple login requests in rapid succession, bypassing any intended security measures that should prevent excessive attempts from a single source. The vulnerability operates at the application layer, specifically within the authentication handling logic where successful login attempts are not properly correlated with failed ones to determine when account lockout or rate limiting should be triggered. This issue directly contradicts established security principles outlined in the NIST SP 800-63 standard for authentication and access control, which emphasizes the importance of implementing robust countermeasures against automated attack vectors. The attack surface is further expanded by the fact that this vulnerability affects a widely deployed module within the Drupal ecosystem, meaning that organizations using vulnerable versions face significant exposure to coordinated brute force campaigns.
Organizations operating affected Drupal installations must immediately implement mitigations including updating to patched versions of the Login Disable module or applying alternative security controls such as IP-based rate limiting at the web server level. The recommended approach involves configuring proper authentication throttling mechanisms that can detect and block suspicious login patterns, implementing account lockout policies after a defined number of failed attempts, and deploying additional network-level protections such as fail2ban or similar intrusion prevention systems. From an ATT&CK framework perspective, this vulnerability maps to technique T1110.003 for Brute Force: Password Guessing and T1566.002 for Phishing: Spearphishing Attachment, as attackers can leverage the weakness to gain unauthorized access to legitimate user accounts. Security teams should also consider implementing multi-factor authentication as a compensating control to reduce the impact of compromised credentials, while monitoring for unusual login patterns that may indicate ongoing brute force attempts. The vulnerability requires immediate attention given its potential for mass account compromise and the relative ease with which attackers can exploit it using readily available automated tools.