CVE-2015-4395

Опубликовано: 15 июн. 2015

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.

Ссылки

http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/74364
https://www.drupal.org/node/2475443
Vendor Advisory
https://www.drupal.org/node/2475943
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/74364
https://www.drupal.org/node/2475443
Vendor Advisory
https://www.drupal.org/node/2475943
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.0:*:*:*:*:drupal:*:*

cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.1:*:*:*:*:drupal:*:*

cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.2:*:*:*:*:drupal:*:*

cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.3:*:*:*:*:drupal:*:*

cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.4:*:*:*:*:drupal:*:*

cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.5:*:*:*:*:drupal:*:*

cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.6:*:*:*:*:drupal:*:*

cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.7:*:*:*:*:drupal:*:*

cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.8:*:*:*:*:drupal:*:*

cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.9:*:*:*:*:drupal:*:*

EPSS

Процентиль: 38%

0.0017

Низкий

3.5 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-3pw8-39w6-wrfq

github

больше 3 лет назад