CVE-2015-4395

EUVD-2015-4418
The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
hybridauth_social_login_projecthybridauth_social_login
7.x-2.0:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.1:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.2:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.3:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.4:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.5:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.6:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.7:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.8:x
hybridauth_social_login_projecthybridauth_social_login
7.x-2.9:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/74364
https://www.drupal.org/node/2475443
https://www.drupal.org/node/2475943
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/74364
https://www.drupal.org/node/2475443
https://www.drupal.org/node/2475943