Developers of the popular Drupal content management system are working to secure the software’s update mechanism after a researcher recently found weaknesses in it.
Last week, researcher Fernando Arnaboldi from security firm IOActive disclosed several issues with the update mechanism in Drupal: the failure of the back-end administration panel to report update errors, a cross-site request forgery (CSRF) flaw that could allow attackers to force admins to repeatedly trigger update checks, and the lack of encryption for update downloads.
To read this article in full or to leave a comment, please click here