The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the βAsk user for a password when registeringβ option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.