CVE-2015-4395

The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
hybridauth_social_login_projecthybridauth_social_login
7.x-2.0:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.1:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.2:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.3:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.4:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.5:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.6:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.7:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.8:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.9:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/74364
https://www.drupal.org/node/2475443
https://www.drupal.org/node/2475943
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/74364
https://www.drupal.org/node/2475443
https://www.drupal.org/node/2475943