4 matches found
CVE-2014-8735
The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file...
CVE-2014-8735
The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file...
CVE-2014-8735
The Drupal Bad Behavior module (versions 6.x-2.x prior to 6.x-2.2216 and 7.x-2.x prior to 7.x-2.2216) allows information disclosure by logging usernames and passwords. This occurs because remote authenticated users with the "administer bad behavior" permission can read the module’s logs to obtain...
SA-CONTRIB-2014-100 - Bad Behavior - Information Disclosure
This module enables you to to target any malicious software directed at a Web site, whether it be a spambot, ill-designed search engine bot, or system crackers. It blocks such access and then logs their attempts. Information Disclosure The module doesn't sufficiently sanitize log data, allowing...