Drupal Views module information disclosure vulnerability

Description

The Views module contains an information disclosure vulnerability due to the fact that it allows access to user profile data. This vulnerability exposes actual user names, so defensive strategies to protect usernams (such as using aliases, or the RealName (http://drupal.org/project/realname) module) cannot protect against this exposure. This method is particularly useful for finding the Drupal super user account (id 1) and other accounts that might not be exposed anywhere on the public facing site.

Remediation

Apply the patch provided in the web reference section.

References