Lucene search
HistoryOct 03, 2022 - 4:20 p.m.
CVE-2014-9152
cve-2014-9152
drupal
services module
password vulnerability
remote attackers
brute force attack
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.8%
The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack.
Affected configurations
Node
services_projectservicesRange≤7.x-3.9drupal
| CPE | Name | Operator | Version |
|---|---|---|---|
| services_project:services | services project services | le | 7.x-3.9 |
Related
nvd
nvd
CVE-2014-9152
2014-12-01 16:59:02
prion
prion
Default credentials
2014-12-01 16:59:00
cvelist
cvelist
CVE-2014-9152
2022-10-03 16:20:41
drupal
drupal
SA-CONTRIB-2014-092 - Services - Cross Site Scripting, Access bypass
2014-09-24 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.8%
Related for CVE-2014-9152