Password leaked in URL in Drupal - #VU516
Published: September 19, 2016
Vulnerability identifier: #VU516
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Detailed vulnerability description
The vulnerability allows a remote user to steal a user's credentials.
The weakness exists due to an access control error. If an anonymous user enters an incorrect username and password on a page that contains a sortable table, those credentials can leak to external sites via the HTTP Referer header or via a specially crafted URL on the Drupal page.
Successful exploitation of the vulnerability allows a malicious user to obtain a valid user's data.
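As an added detection example (not from the advisory or from Drupal), the following Python check scans web-server access logs in Combined Log Format for request URLs or Referer headers whose query string carries login-form fields, which is what a leak of this kind looks like from the server side. It assumes Drupal's login form field names are `name` and `pass`; the log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Assumption: Drupal's login form posts its fields as "name" and "pass".
# "name" alone may be benign; a "pass"/"password" parameter in a URL never is.
PASSWORD_PARAMS = {"pass", "password"}
CREDENTIAL_PARAMS = PASSWORD_PARAMS | {"name"}

def credential_params_in_url(url):
    """Return credential-like parameter names found in the URL's query string,
    but only when a password-like parameter is present (keeps noise down)."""
    present = CREDENTIAL_PARAMS & set(parse_qs(urlsplit(url).query, keep_blank_values=True))
    return present if present & PASSWORD_PARAMS else set()

def scan_log(lines):
    """Return findings (line_no, where, url, params) for every request path or
    Referer header that carries login credentials in its query string."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a Combined Log Format line; skip rather than guess
        for where in ("path", "referer"):
            url = m.group(where)
            if url in ("", "-"):
                continue
            leaked = credential_params_in_url(url)
            if leaked:
                findings.append((n, where, url, sorted(leaked)))
    return findings

# Constructed sample log lines (not taken from any real server or from the advisory).
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Sep/2016:10:00:01 +0000] "GET /user HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [19/Sep/2016:10:00:07 +0000] "GET /user?name=alice&pass=s3cret&sort=asc&order=title HTTP/1.1" 200 4096 "http://example.test/user" "Mozilla/5.0"',
    '198.51.100.9 - - [19/Sep/2016:10:01:13 +0000] "GET /node/7?sort=desc&order=created HTTP/1.1" 200 2048 "http://example.test/user?name=bob&pass=hunter2&sort=asc" "Mozilla/5.0"',
    '198.51.100.9 - - [19/Sep/2016:10:02:00 +0000] "GET /node/7 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, where, url, leaked in scan_log(SAMPLE_LOG):
        print(f"line {n}: credential parameters {leaked} in {where}: {url}")
```

A hit in the `referer` position means the leak has already crossed to another page or site; the fix is the vendor update in the remediation section, and any credentials seen in such URLs should be treated as exposed.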
Remediation
Update 5.x to 5.19.
http://ftp.drupal.org/files/projects/drupal-5.19.tar.gz
Update 6.x to 6.13.
http://ftp.drupal.org/files/projects/drupal-6.13.tar.gz