Hybridauth Social Login Project: >> Hybridauth Social Login Security Vulnerabilities
The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social login.
CVSS Score
5.0
EPSS Score
0.003
Published
2015-08-18
The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.
CVSS Score
3.5
EPSS Score
0.002
Published
2015-06-15