2 matches found
CVE-2015-4395
The CVE-2015-4395 affects the HybridAuth Social Login module for Drupal (7.x-2.x) prior to 7.x-2.10. The underlying issue is that when the option “Ask user for a password when registering” is enabled, passwords are stored in plaintext, allowing remote authenticated users with certain permissions ...
HybridAuth Social Login - Less Critical - Information Disclosure - SA-CONTRIB-2015-097
HybridAuth Social Login module enables you to allow visitors to authenticate or login to a Drupal site using their identities from social networks like Facebook or Twitter. The module may store user passwords in plain text. This vulnerability is mitigated by the fact that the option "Ask user for...