Vigil@nce - Drupal HybridAuth Social Login: information disclosure
June 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can read the Drupal HybridAuth Social Login database,
in order to obtain sensitive information.
Impacted products: Drupal Modules
Severity: 2/4
Creation date: 23/04/2015
DESCRIPTION OF THE VULNERABILITY
The HybridAuth Social Login module can be installed on Drupal.
However, passwords are stored in clear text.
An attacker can therefore read the Drupal HybridAuth Social Login
database, in order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Drupal-HybridAuth-Social-Login-information-disclosure-16696