The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.4 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.6 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.2 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.0 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.1 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.3 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.5 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.7 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.9 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.8 |
The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the administrator-only user registration configuration and create an account via a social login.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.4 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.11 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.2 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.5 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.12 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.7 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.8 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.6 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.0 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.1 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.3 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.9 |
| hybridauth_social_login_project | hybridauth_social_login | 7.x-2.10 |