CVE-2014-9152

Name of the Vulnerable Software and Affected Versions Services module versions 7.x-3.x before 7.x-3.10

Description The issue concerns the user resource create function in the Services module, which uses a default password of 1 when creating new user accounts. This makes it easier for remote attackers to guess the password via a brute force attack.

Recommendations For versions prior to 7.x-3.10, update to version 7.x-3.10 or later to resolve the issue. As a temporary workaround, consider disabling the user resource create function until a patch is available. Restrict access to the Services module to minimize the risk of exploitation. Avoid using the default password creation mechanism in the affected module until the issue is resolved.