3.5
CVE-2015-4395
- EPSS 0.17%
- Veröffentlicht 15.06.2015 14:59:50
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hybridauth Social Login Project ≫ Hybridauth Social Login Version7.x-2.0 SwPlatformdrupal
Hybridauth Social Login Project ≫ Hybridauth Social Login Version7.x-2.1 SwPlatformdrupal
Hybridauth Social Login Project ≫ Hybridauth Social Login Version7.x-2.2 SwPlatformdrupal
Hybridauth Social Login Project ≫ Hybridauth Social Login Version7.x-2.3 SwPlatformdrupal
Hybridauth Social Login Project ≫ Hybridauth Social Login Version7.x-2.4 SwPlatformdrupal
Hybridauth Social Login Project ≫ Hybridauth Social Login Version7.x-2.5 SwPlatformdrupal
Hybridauth Social Login Project ≫ Hybridauth Social Login Version7.x-2.6 SwPlatformdrupal
Hybridauth Social Login Project ≫ Hybridauth Social Login Version7.x-2.7 SwPlatformdrupal
Hybridauth Social Login Project ≫ Hybridauth Social Login Version7.x-2.8 SwPlatformdrupal
Hybridauth Social Login Project ≫ Hybridauth Social Login Version7.x-2.9 SwPlatformdrupal
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.348 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.