CVE-2015-4395

2015-06-15T14:59:00
ID CVE-2015-4395
Type cve
Reporter cve@mitre.org
Modified 2016-06-09T21:30:00

Description

The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.