Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

hybridauth_social_login_project

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated ProductsRelated AssignersReports
2Vulnerabilities found
CVE-2015-5511
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.54% / 66.93%
||
7 Day CHG~0.00%
Published-18 Aug, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social login.

Action-Not Available
Vendor-hybridauth_social_login_projectn/a
Product-hybridauth_social_loginn/a
CVE-2015-4395
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.17% / 38.24%
||
7 Day CHG~0.00%
Published-15 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.

Action-Not Available
Vendor-hybridauth_social_login_projectn/a
Product-hybridauth_social_loginn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor