Описание
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks.
Ссылки
- Patch
- Patch
- PatchVendor Advisory
- Patch
- Patch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:bryce_hamrick:janrain_capture:6.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:bryce_hamrick:janrain_capture:7.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00388
Низкий
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
около 3 лет назад
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks.
EPSS
Процентиль: 59%
0.00388
Низкий
5 Medium
CVSS2
Дефекты
CWE-200