3 matches found
CVE-2015-5496
CVE-2015-5496 affects the Drupal pass2pdf module. The vulnerability stems from PDFs generated during user registration not being access-restricted, allowing remote attackers to view password information via unspecified vectors (information disclosure). Affected: all versions of the pass2pdf modul...
CVE-2015-5496
The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors...
pass2pdf - Critical - Information Disclosure - Unsupported - SA-CONTRIB-2015-109
This module allows you to let users set a password upon registering, and have the password emailed to the user in a PDF file. The module has an Information Disclosure vulnerability. The generated PDF files are not protected. The user passwords are exposed to anonymous users. CVE identifiers issue...