{"id":"CVE-2016-3170","details":"The \"have you forgotten your password\" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.","aliases":["GHSA-pqv4-xgqh-j8vh"],"modified":"2026-03-13T22:22:38.719881Z","published":"2016-04-12T15:59:07.917Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/02/24/19"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2016/03/15/10"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3498"},{"type":"FIX","url":"https://www.drupal.org/SA-CORE-2016-001"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/drupal/drupal","events":[{"introduced":"0"},{"last_affected":"497914920385b7016ac9c9367e0198530787adf2"},{"introduced":"0"},{"last_affected":"35c2f3ca5c935f3d8bde15932a712677c9bbd50f"},{"introduced":"0"},{"last_affected":"497914920385b7016ac9c9367e0198530787adf2"},{"introduced":"0"},{"last_affected":"c511a4abe771499fe4ff682decad59a3cd1e61d0"},{"introduced":"0"},{"last_affected":"154ffa85f8bf5033c958ba8face74797463a6bde"},{"introduced":"0"},{"last_affected":"d516f6778e57da524e3491710c6e5a5382dc647e"},{"introduced":"0"},{"last_affected":"a4fabec730e7377f6dfe656599145b40f778a77d"},{"introduced":"0"},{"last_affected":"9b9d9296c85e88d6ecb875d7e350e0083a105108"},{"introduced":"0"},{"last_affected":"9bf09eea76bbf071db4016252faca2d20bf1a6c2"},{"introduced":"0"},{"last_affected":"0c6f9b0074a227fe1b2fef3621925ef900039486"},{"introduced":"0"},{"last_affected":"d0b330ef316d761fc02eadeb659f9ff1ab106c3e"},{"introduced":"0"},{"last_affected":"237c0642a799ed3a1895f3144d8017422e2a8f72"},{"introduced":"0"},{"last_affected":"d08387cf6316da3b5158ccc1063acc5399ef3ee2"},{"introduced":"0"},{"last_affected":"497914920385b7016ac9c9367e0198530787adf2"},{"introduced":"0"},{"last_affected":"316bd96ebff36284f5f3e33268760ff9c672b6f8"},{"introduced":"0"},{"last_affected":"49e2d2ca6f6c6489b07b9e863150d20a38148a57"},{"introduced":"0"},{"last_affected":"ebf9026bb8411de4866824f45ab825ecb41a5f47"},{"introduced":"0"},{"last_affected":"d8cfe088697631a9789895b4128b12ab79c07207"},{"introduced":"0"},{"last_affected":"eabb023933ac83947e5d238c4a83b1f5bdbcc738"},{"introduced":"0"},{"last_affected":"1f124bf1accbad60b31a463ff59232d2f5626100"},{"introduced":"0"},{"last_affected":"ca9434462a4af269f24b0b616939938a3a4c112f"},{"introduced":"0"},{"last_affected":"6b54665a5921d26d00559644754047420776da4a"},{"introduced":"0"},{"last_affected":"09bfa80c0c6ffabf7e02e706dbfd2f514619bbc4"},{"introduced":"0"},{"last_affected":"a07564a2968a464d3f800da0c2e75045caa367ea"},{"introduced":"0"},{"last_affected":"40093b2fa7dde4a5f3c6806aad91b9302c232903"},{"introduced":"0"},{"last_affected":"4d4080b17681ae674e10c077b72d00f0b1544e0c"},{"introduced":"0"},{"last_affected":"9879d29f731570a34b24c4eae4cc8cb30c7a5082"},{"introduced":"0"},{"last_affected":"30d1e719aa5e9a9ad66514078ca3b0975ddadc9c"},{"introduced":"0"},{"last_affected":"a584af62514ba7ec37b82b0c7b17081fcca4c5e0"},{"introduced":"0"},{"last_affected":"b9127101ffeca819e74a03fa9f5a48d026c562e5"},{"introduced":"0"},{"last_affected":"c5d6e6334fb7a71ecf1dbc7e06a7de8ad9547b27"},{"introduced":"0"},{"last_affected":"b47f95d3013619e33cafdf8b769b2b6179a07956"},{"introduced":"0"},{"last_affected":"1d4604da252f0e6e19339957ec214388f61b908d"},{"introduced":"0"},{"last_affected":"3a24da1b40f5e05876ad7775044500b61eb2ed94"},{"introduced":"0"},{"last_affected":"ec59e1197a2aa37557f9a87f13ba4d90e6aabf4c"},{"introduced":"0"},{"last_affected":"dce3c77a61d9510dbac6927b60a03bc8da19e947"},{"introduced":"0"},{"last_affected":"bf704d6ffe55d66a440a55a9d43e8846d46d2440"},{"introduced":"0"},{"last_affected":"782d1155c62c0a879bf587c7e40c3a13bcf6879c"},{"introduced":"0"},{"last_affected":"effed1c831c997be26e12f18be0d8eb683f21a75"},{"introduced":"0"},{"last_affected":"dc791ec5839b52c7616bf66993122aa9a1336384"},{"introduced":"0"},{"last_affected":"6642fbc7001c728e218170fd286e6b8a24eef24f"},{"introduced":"0"},{"last_affected":"1769d1cca92e206510528c324552797e83a1fc7c"},{"introduced":"0"},{"last_affected":"83b80acad8431fcd56e9a331ba06c41edee48c91"},{"introduced":"0"},{"last_affected":"f9784cf829fe2d6aad57b6de1f2e3a167e95cea6"},{"introduced":"0"},{"last_affected":"4ba5f184c69306da0e30260890f01ea0694af274"},{"introduced":"0"},{"last_affected":"81586d9e9d04dcee487c50de426c04221899b6d0"},{"introduced":"0"},{"last_affected":"b44056d2f8e8c71d35c85ec5c2fb8f7c8a02d8a8"},{"introduced":"0"},{"last_affected":"b42286571f4a22324f321af025768107caa99c30"},{"introduced":"0"},{"last_affected":"18c5da5028b7c3ba985e598bb8df45613285d437"},{"introduced":"0"},{"last_affected":"5cb79b4b217e9aa315d61284398cce132c28bea4"},{"introduced":"0"},{"last_affected":"be00a1ced4104d84df2f34b149b35fb0adf91093"},{"introduced":"0"},{"last_affected":"9d16792580c241b42e6192b480f65cf0bdd07bc9"},{"introduced":"0"},{"last_affected":"9f72251c9291b5613acb9ca4ea7a51b4739e3f93"},{"introduced":"0"},{"last_affected":"9ee4a1a2fa3bedb3852d21f2198509c107c48890"},{"introduced":"0"},{"last_affected":"497914920385b7016ac9c9367e0198530787adf2"},{"introduced":"0"},{"last_affected":"2ca54697b3637a1df60639d092c9f708dabf2aa3"},{"introduced":"0"},{"last_affected":"c39598105fded28f7bfedc78734c1ccde9a9bc9e"},{"introduced":"0"},{"last_affected":"34c6f66988fcbd0ef1222e5653be38d8f0eeb9a3"},{"introduced":"0"},{"last_affected":"b4f282a55b7da8c883216392cb74bf795cad3ff7"},{"introduced":"0"},{"last_affected":"aca60072f283a94bbbd71426df6c31237b2878f1"},{"introduced":"0"},{"last_affected":"970fdb9e479f15291a9b54ea429c68e1b621607a"},{"introduced":"0"},{"last_affected":"784cebbe5a3ef9caa2211bca9a0ac1e510c6bb7a"},{"introduced":"0"},{"last_affected":"14336d94b8da95f2c2f26edb7ffb5c12d58a1212"},{"introduced":"0"},{"last_affected":"172cd2652a6d938f732970dcafdd751155f53236"},{"introduced":"0"},{"last_affected":"c478bf4062e910357c2dd89c9dd069ffd2d959a2"},{"introduced":"0"},{"last_affected":"9e4cdb98115508900b77cdd392f15215f839dac6"},{"introduced":"0"},{"last_affected":"8b40554c5aa45ecf6dd11418ee8d48b379ff2a34"},{"introduced":"0"},{"last_affected":"2d64433829033660b87a1a1d054b3899a18addba"},{"introduced":"0"},{"last_affected":"647bfab79e6ee1fddb339c50152315e479d4fe8f"},{"introduced":"0"},{"last_affected":"3f7404935955cd2a63023e77a07c4231ad5ff62a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"8.0"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"7.0-alpha1"},{"introduced":"0"},{"last_affected":"7.0-alpha2"},{"introduced":"0"},{"last_affected":"7.0-alpha3"},{"introduced":"0"},{"last_affected":"7.0-alpha4"},{"introduced":"0"},{"last_affected":"7.0-alpha5"},{"introduced":"0"},{"last_affected":"7.0-alpha6"},{"introduced":"0"},{"last_affected":"7.0-alpha7"},{"introduced":"0"},{"last_affected":"7.0-beta1"},{"introduced":"0"},{"last_affected":"7.0-beta2"},{"introduced":"0"},{"last_affected":"7.0-beta3"},{"introduced":"0"},{"last_affected":"7.0-dev"},{"introduced":"0"},{"last_affected":"7.1"},{"introduced":"0"},{"last_affected":"7.2"},{"introduced":"0"},{"last_affected":"7.3"},{"introduced":"0"},{"last_affected":"7.4"},{"introduced":"0"},{"last_affected":"7.5"},{"introduced":"0"},{"last_affected":"7.6"},{"introduced":"0"},{"last_affected":"7.7"},{"introduced":"0"},{"last_affected":"7.8"},{"introduced":"0"},{"last_affected":"7.9"},{"introduced":"0"},{"last_affected":"7.10"},{"introduced":"0"},{"last_affected":"7.11"},{"introduced":"0"},{"last_affected":"7.12"},{"introduced":"0"},{"last_affected":"7.13"},{"introduced":"0"},{"last_affected":"7.14"},{"introduced":"0"},{"last_affected":"7.15"},{"introduced":"0"},{"last_affected":"7.16"},{"introduced":"0"},{"last_affected":"7.17"},{"introduced":"0"},{"last_affected":"7.18"},{"introduced":"0"},{"last_affected":"7.19"},{"introduced":"0"},{"last_affected":"7.20"},{"introduced":"0"},{"last_affected":"7.21"},{"introduced":"0"},{"last_affected":"7.22"},{"introduced":"0"},{"last_affected":"7.23"},{"introduced":"0"},{"last_affected":"7.24"},{"introduced":"0"},{"last_affected":"7.25"},{"introduced":"0"},{"last_affected":"7.26"},{"introduced":"0"},{"last_affected":"7.27"},{"introduced":"0"},{"last_affected":"7.28"},{"introduced":"0"},{"last_affected":"7.29"},{"introduced":"0"},{"last_affected":"7.30"},{"introduced":"0"},{"last_affected":"7.33"},{"introduced":"0"},{"last_affected":"7.34"},{"introduced":"0"},{"last_affected":"7.35"},{"introduced":"0"},{"last_affected":"7.36"},{"introduced":"0"},{"last_affected":"7.37"},{"introduced":"0"},{"last_affected":"7.38"},{"introduced":"0"},{"last_affected":"7.39"},{"introduced":"0"},{"last_affected":"7.40"},{"introduced":"0"},{"last_affected":"7.41"},{"introduced":"0"},{"last_affected":"7.42"},{"introduced":"0"},{"last_affected":"7.x-dev"},{"introduced":"0"},{"last_affected":"8.0-alpha10"},{"introduced":"0"},{"last_affected":"8.0-alpha11"},{"introduced":"0"},{"last_affected":"8.0-alpha12"},{"introduced":"0"},{"last_affected":"8.0-alpha13"},{"introduced":"0"},{"last_affected":"8.0-alpha2"},{"introduced":"0"},{"last_affected":"8.0-alpha3"},{"introduced":"0"},{"last_affected":"8.0-alpha4"},{"introduced":"0"},{"last_affected":"8.0-alpha5"},{"introduced":"0"},{"last_affected":"8.0-alpha6"},{"introduced":"0"},{"last_affected":"8.0-alpha7"},{"introduced":"0"},{"last_affected":"8.0-alpha8"},{"introduced":"0"},{"last_affected":"8.0-alpha9"},{"introduced":"0"},{"last_affected":"8.0.1"},{"introduced":"0"},{"last_affected":"8.0.2"},{"introduced":"0"},{"last_affected":"8.0.3"}]}}],"versions":["1.0","2.0","3.0.1","5.0-beta-1","5.0-beta-2","5.0-rc-1","5.0-rc-2","6.0-beta-1","6.0-beta-2","6.0-beta-3","6.0-beta-4","6.0-rc-1","6.0-rc-2","6.0-rc-3","7.0","7.0-alpha1","7.0-alpha2","7.0-alpha3","7.0-alpha4","7.0-alpha5","7.0-alpha6","7.0-alpha7","7.0-beta1","7.0-beta2","7.0-beta3","7.0-rc-1","7.0-rc-2","7.0-rc-3","7.0-rc-4","7.0-unstable-1","7.0-unstable-10","7.0-unstable-2","7.0-unstable-3","7.0-unstable-4","7.0-unstable-5","7.0-unstable-6","7.0-unstable-7","start"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-alpha14"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-alpha15"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-beta10"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-beta11"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-beta12"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-beta13"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-beta14"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-beta15"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-beta16"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-beta2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-beta3"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-beta4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-beta6"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-beta7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-beta9"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0-rc4"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3170.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}