Drupal AES Encryption Module Information Disclosure Vulnerability Network Vulnerability

Summary

The host is running Drupal AES Encryption Module and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow attacker to obtain sensitive information that could aid in further attacks. Impact Level: Application

Solution

Upgarade to Drupal AES Encryption Module 7.x-1.5 or later. For updates refer to http://drupal.org/node/1040728

Insight

The flaw is triggered when the module saves user passwords in a text file, which will disclose the password to a remote attacker who directly requests the file.

Affected

Drupal AES Encryption Module 7.x-1.4

References

http://drupal.org/node/1048998
http://osvdb.org/70767
http://secunia.com/advisories/43185
http://xforce.iss.net/xforce/xfdb/65112

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0899
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
Apache ActiveMQ Multiple Vulnerabilities
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability

Take action and discover your vulnerabilities