Lucene search

[email protected]CVE-2012-3798

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-3798

2022-10-0316:15:23

CWE-200

[email protected]

web.nvd.nist.gov

cve-2012-3798

janrain capture

drupal

password guessing

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks.

Affected configurations

NVD

Node

bryce_hamrickjanrain_captureMatch6.x-1.0

bryce_hamrickjanrain_captureMatch7.x-1.0

AND

drupaldrupalMatch-

CPENameOperatorVersion
bryce_hamrick:janrain_capturebryce hamrick janrain captureeq6.x-1.0
bryce_hamrick:janrain_capturebryce hamrick janrain captureeq7.x-1.0

CPE	Name	Operator	Version
bryce_hamrick:janrain_capture	bryce hamrick janrain capture	eq	6.x-1.0
bryce_hamrick:janrain_capture	bryce hamrick janrain capture	eq	7.x-1.0

References

drupal.org/node/1632702

drupal.org/node/1632704

drupal.org/node/1632734

osvdb.org/82957

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2012-3798

cvelist1 nvd1 prion1