Lucene search

[email protected]NVD:CVE-2012-3798

HistoryJun 27, 2012 - 12:55 a.m.

CVE-2012-3798

2012-06-2700:55:06

CWE-200

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks.

Affected configurations

NVD

Node

bryce_hamrickjanrain_captureMatch6.x-1.0

bryce_hamrickjanrain_captureMatch7.x-1.0

AND

drupaldrupalMatch-

References

drupal.org/node/1632702

drupal.org/node/1632704

drupal.org/node/1632734

osvdb.org/82957

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2012-3798

cvelist1 cve1 prion1