Plaintext Password Storage Vulnerability in HybridAuth Social Login for Drupal
CVE-2015-4395

Currently unrated

Key Information:

Vendor

Hybridauth Social Login Project

Status
Hybridauth Social Login
Vendor
CVE Published:
15 June 2015

What is CVE-2015-4395?

The HybridAuth Social Login module for Drupal prior to version 7.x-2.10 contains a vulnerability where it stores user passwords in plaintext when the option to 'Ask user for a password when registering' is enabled. This design flaw allows remote authenticated users with the necessary permissions to retrieve sensitive information directly from the database, leading to potential unauthorized access to user accounts and compromising user data security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.openwall.com/lists/oss-security/2015/04/25/6
mailing-listx_refsource_MLIST
https://www.drupal.org/node/2475943
x_refsource_MISC
http://www.securityfocus.com/bid/74364
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.