Vulnerabilities > CVE-2011-0899 - Unspecified vulnerability in Johan Lindskog AES Encryption Module 7.X1.4
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The AES encryption module 7.x-1.4 for Drupal leaves certain debugging code enabled in release, which records the plaintext password of the last logged-in user and allows remote attackers to gain privileges as that user.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 |
D2sec
| name | Drupal AES encryption File Disclosure |
| url | http://www.d2sec.com/exploits/drupal_aes_encryption_file_disclosure.html |
References
- http://drupal.org/node/1040728
- http://drupal.org/node/1048998
- http://osvdb.org/70767
- http://secunia.com/advisories/43185
- http://www.securityfocus.com/bid/46116
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65112
- http://drupal.org/node/1040728
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65112
- http://www.securityfocus.com/bid/46116
- http://secunia.com/advisories/43185
- http://osvdb.org/70767
- http://drupal.org/node/1048998