CVE-2012-3798
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks.
El módulo Janrain Capture v6.x-1.0 y v7.x-1.0 para Drupal, cuando está creando una cuenta de de usuario local, permite a atacantes a obtener parte de la entrada inicial usada, lo que facilita conducir un ataque de fuerza bruta a la cuenta de invitado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-06-26 CVE Reserved
- 2012-06-27 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/82957 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://drupal.org/node/1632702 | 2012-06-27 | |
| http://drupal.org/node/1632704 | 2012-06-27 | |
| http://drupal.org/node/1632734 | 2012-06-27 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bryce Hamrick Search vendor "Bryce Hamrick" | Janrain Capture Search vendor "Bryce Hamrick" for product "Janrain Capture" | 6.x-1.0 Search vendor "Bryce Hamrick" for product "Janrain Capture" and version "6.x-1.0" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Bryce Hamrick Search vendor "Bryce Hamrick" | Janrain Capture Search vendor "Bryce Hamrick" for product "Janrain Capture" | 7.x-1.0 Search vendor "Bryce Hamrick" for product "Janrain Capture" and version "7.x-1.0" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|