CVE-2012-3798

The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/1632702	Patch
http://drupal.org/node/1632704	Patch
http://drupal.org/node/1632734	Patch Vendor Advisory
http://osvdb.org/82957

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:bryce_hamrick:janrain_capture:6.x-1.0:::::::*
	cpe:2.3:a:bryce_hamrick:janrain_capture:7.x-1.0:::::::*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-06-27 00:55

Updated : 2024-02-04 18:16

NVD link : CVE-2012-3798

Mitre link : CVE-2012-3798

CVE.ORG link : CVE-2012-3798

JSON object : View

Products Affected

drupal

drupal

bryce_hamrick

janrain_capture

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2012-3798", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-06-27T00:55:06.613", "references": [{"url": "http://drupal.org/node/1632702", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/1632704", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/1632734", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/82957", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks."}, {"lang": "es", "value": "El m\u00f3dulo Janrain Capture v6.x-1.0 y v7.x-1.0 para Drupal, cuando est\u00e1 creando una cuenta de de usuario local, permite a atacantes a obtener parte de la entrada inicial usada, lo que facilita conducir un ataque de fuerza bruta a la cuenta de invitado."}], "lastModified": "2012-06-27T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bryce_hamrick:janrain_capture:6.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF17BA08-0E5A-42A7-A219-E5CA84AEA15B"}, {"criteria": "cpe:2.3:a:bryce_hamrick:janrain_capture:7.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C11C0A8-81EA-4B85-9EFE-F38186B539CD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}