PT-2013-4930 · Drupal · Botcha Spam Prevention
Published
2013-08-28
·
Updated
2013-09-05
·
CVE-2013-4272
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
BOTCHA Spam Prevention module versions 7.x-1.x through 7.x-1.5
BOTCHA Spam Prevention module versions 7.x-2.x through 7.x-2.0
BOTCHA Spam Prevention module versions 7.x-3.x through 7.x-3.2
Description
The issue allows context-dependent users to obtain sensitive information, such as usernames and passwords, by reading the log file when the debugging level is set to 5 or 6. This occurs because the module logs the content of submitted forms.
Recommendations
For BOTCHA Spam Prevention module versions 7.x-1.x through 7.x-1.5, update to version 7.x-1.6 or later.
For BOTCHA Spam Prevention module versions 7.x-2.x through 7.x-2.0, update to version 7.x-2.1 or later.
For BOTCHA Spam Prevention module versions 7.x-3.x through 7.x-3.2, update to version 7.x-3.3 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Botcha Spam Prevention