PT-2015-6577 · Drupal · Hybridauth Social Login

Mike Goulding

Published

2015-06-15

Updated

2016-06-09

CVE-2015-4395

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions HybridAuth Social Login module versions 7.x-2.x before 7.x-2.10

Description The issue allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database, due to the storage of passwords in plaintext when the "Ask user for a password when registering" option is enabled.

Recommendations For HybridAuth Social Login module versions 7.x-2.x before 7.x-2.10, update to version 7.x-2.10 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-4395

Affected Products

Hybridauth Social Login

PT-2015-6577 · Drupal · Hybridauth Social Login

CVE-2015-4395

Weakness Enumeration

Related Identifiers

Affected Products

References · 5