Vulnerabilities > CVE-2012-2299 - Credentials Management vulnerability in Ubercart

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

ubercart

CWE-255

NVD

Published: 2012-08-14

Updated: 2024-11-21

Summary

The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.

Vulnerable Configurations

Part	Description	Count
Application	Ubercart Ubercart Ubercart 6.X-2.0 Ubercart Ubercart 6.X-2.1 Ubercart Ubercart 6.X-2.2 Ubercart Ubercart 6.X-2.3 Ubercart Ubercart 6.X-2.4 Ubercart Ubercart 6.X-2.6 Ubercart Ubercart 6.X-2.7 Ubercart Ubercart 7.X-3.0	34
Application	Drupal Drupal Drupal -	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://drupal.org/node/1547506
http://drupal.org/node/1547506
http://drupal.org/node/1547508
http://drupal.org/node/1547508
http://drupal.org/node/1547674
http://drupal.org/node/1547674
http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb
http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb
http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84
http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84
http://secunia.com/advisories/48935
http://secunia.com/advisories/48935
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.securityfocus.com/bid/53251
http://www.securityfocus.com/bid/53251