CVE-2015-4395 in HybridAuth Social Login Moduleinfo

Summary

The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

06/05/2015

Disclosure

06/15/2015

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
75944	HybridAuth Social Login Module Password information disclosure	200	Not defined	Official fix	CVE-2015-4395

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!