Vulnerabilities > CVE-2012-2299 - Credentials Management vulnerability in Ubercart

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

ubercart

drupal

CWE-255

NVD

Published: 2012-08-14

Updated: 2012-08-15

Summary

The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.

Vulnerable Configurations

Part	Description	Count
Application	Ubercart Ubercart Ubercart 6.X-2.0 Ubercart Ubercart 6.X-2.1 Ubercart Ubercart 6.X-2.2 Ubercart Ubercart 6.X-2.3 Ubercart Ubercart 6.X-2.4 Ubercart Ubercart 6.X-2.6 Ubercart Ubercart 6.X-2.7 Ubercart Ubercart 7.X-3.0	34
Application	Drupal Drupal Drupal -	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://drupal.org/node/1547506
http://drupal.org/node/1547508
http://drupal.org/node/1547674
http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb
http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84
http://secunia.com/advisories/48935
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.securityfocus.com/bid/53251