Drupal · Hybridauth Social Login · CVE-2015-4395
**Name of the Vulnerable Software and Affected Versions**
HybridAuth Social Login module versions 7.x-2.x before 7.x-2.10
**Description**
The issue allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database, due to the storage of passwords in plaintext when the "Ask user for a password when registering" option is enabled.
**Recommendations**
For HybridAuth Social Login module versions 7.x-2.x before 7.x-2.10, update to version 7.x-2.10 or later to resolve the issue.