Drupal Janrain Engage Module Senstive Information Protection Weakness
BID:52895
Info
Drupal Janrain Engage Module Senstive Information Protection Weakness
| Bugtraq ID: | 52895 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 04 2012 12:00AM |
| Updated: | Apr 04 2012 12:00AM |
| Credit: | Peter Wolanin of the Drupal Security Team |
| Vulnerable: |
Drupal Janrain Engage 7.x-2.1 Drupal Janrain Engage 6.X-2.1 Drupal Janrain Engage 6.X-1.4 |
| Not Vulnerable: |
Drupal Janrain Engage 7.x-2.2 Drupal Janrain Engage 6.X-2.2 |
Discussion
Drupal Janrain Engage Module Senstive Information Protection Weakness
The Janrain Engage module for Drupal is prone to information-protection weakness.
An attacker can exploit this issue to access sensitive information that may help in further attacks.
The following versions are vulnerable:
Janrain Engage 6.x-1.x
Janrain Engage 6.x-2.x versions prior to 6.x-2.2
Janrain Engage 7.x-2.x versions prior to 7.x-2.2
The Janrain Engage module for Drupal is prone to information-protection weakness.
An attacker can exploit this issue to access sensitive information that may help in further attacks.
The following versions are vulnerable:
Janrain Engage 6.x-1.x
Janrain Engage 6.x-2.x versions prior to 6.x-2.2
Janrain Engage 7.x-2.x versions prior to 7.x-2.2
Exploit / POC
Drupal Janrain Engage Module Senstive Information Protection Weakness
An attacker uses standard tools to exploit this issue.
An attacker uses standard tools to exploit this issue.
Solution / Fix
Drupal Janrain Engage Module Senstive Information Protection Weakness
Solution:
Vendor updates are available. Please see the references for more information.
Solution:
Vendor updates are available. Please see the references for more information.
References
Drupal Janrain Engage Module Senstive Information Protection Weakness
References:
References: