Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5552

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-5552
Last Modified 19 Jul 2013 11:33:23
Published 03 Dec 2012 04:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5552

Summary

The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks."

Vulnerable Systems

Application

  • Erikwebb Password Policy 6.x-1.0

  • Erikwebb Password Policy 6.x-1.1

  • Erikwebb Password Policy 6.x-1.2

  • Erikwebb Password Policy 6.x-1.3

  • Erikwebb Password Policy 6.x-1.4

  • Erikwebb Password Policy 6.x-1.x

  • Erikwebb Password Policy 7.x-1.0

  • Erikwebb Password Policy 7.x-1.1

  • Erikwebb Password Policy 7.x-1.2

  • Erikwebb Password Policy 7.x-1.3

  • Erikwebb Password Policy 7.x-1.x


References

MLIST - [oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules

MISC - http://drupal.org/node/1828340

CONFIRM - http://drupal.org/node/1828142

CONFIRM - http://drupal.org/node/1828130

BID - 56350


Last Updated: 27 May 2016 11:01:26