Lucene search
MitreCVE-2015-4395HistoryJun 15, 2015 - 2:59 p.m.
CVE-2015-4395
2015-06-1514:59:50
CWE-200
mitre
web.nvd.nist.gov
33
cve-2015-4395
hybridauth
social login
drupal
plaintext passwords
database access
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0.002
Percentile
52.7%
The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the “Ask user for a password when registering” option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.
Affected configurations
Node
hybridauth_social_login_projecthybridauth_social_loginMatch7.x-2.0drupal
ORhybridauth_social_login_projecthybridauth_social_loginMatch7.x-2.1drupal
ORhybridauth_social_login_projecthybridauth_social_loginMatch7.x-2.2drupal
ORhybridauth_social_login_projecthybridauth_social_loginMatch7.x-2.3drupal
ORhybridauth_social_login_projecthybridauth_social_loginMatch7.x-2.4drupal
ORhybridauth_social_login_projecthybridauth_social_loginMatch7.x-2.5drupal
ORhybridauth_social_login_projecthybridauth_social_loginMatch7.x-2.6drupal
ORhybridauth_social_login_projecthybridauth_social_loginMatch7.x-2.7drupal
ORhybridauth_social_login_projecthybridauth_social_loginMatch7.x-2.8drupal
ORhybridauth_social_login_projecthybridauth_social_loginMatch7.x-2.9drupal
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.0 | cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.0:*:*:*:*:drupal:*:* |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.1 | cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.1:*:*:*:*:drupal:*:* |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.2 | cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.2:*:*:*:*:drupal:*:* |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.3 | cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.3:*:*:*:*:drupal:*:* |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.4 | cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.4:*:*:*:*:drupal:*:* |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.5 | cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.5:*:*:*:*:drupal:*:* |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.6 | cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.6:*:*:*:*:drupal:*:* |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.7 | cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.7:*:*:*:*:drupal:*:* |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.8 | cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.8:*:*:*:*:drupal:*:* |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.9 | cpe:2.3:a:hybridauth_social_login_project:hybridauth_social_login:7.x-2.9:*:*:*:*:drupal:*:* |
Related
nvd
nvd
CVE-2015-4395
2015-06-15 14:59:50
cvelist
cvelist
CVE-2015-4395
2015-06-15 14:00:00
prion
prion
Design/Logic Flaw
2015-06-15 14:59:00
drupal
drupal
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0.002
Percentile
52.7%
Related for CVE-2015-4395