5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
69.1%
This module allows you to let users set a password upon registering, and have the password emailed to the user in a PDF file.
The module has an Information Disclosure vulnerability. The generated PDF files are not protected. The user passwords are exposed to anonymous users.
Drupal core is not affected. If you do not use the contributed pass2pdf module,
there is nothing you need to do.
If you use the pass2pdf module you should uninstall it.
Also see the pass2pdf project page.
Not applicable.