exploitDog

CVE-2014-9152

Опубликовано: 01 дек. 2014

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack.

Ссылки

http://cgit.drupalcode.org/services/commit/?id=809aafa
Vendor Advisory
https://www.drupal.org/node/2344389
Vendor Advisory
https://www.drupal.org/node/2344423
Vendor Advisory
http://cgit.drupalcode.org/services/commit/?id=809aafa
Vendor Advisory
https://www.drupal.org/node/2344389
Vendor Advisory
https://www.drupal.org/node/2344423
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:services_project:services:*:*:*:*:*:drupal:*:*

Версия до 7.x-3.9 (включая)

EPSS

Процентиль: 66%

0.00519

Низкий

7.5 High

CVSS2

Дефекты

CWE-255

Связанные уязвимости

GHSA-64gp-rcpx-h2m8

github

больше 3 лет назад

The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack.

EPSS

Процентиль: 66%

0.00519

Низкий

7.5 High

CVSS2

Дефекты

CWE-255