ID de Prueba:	1.3.6.1.4.1.25623.1.0.801842
Categoría:	Web application abuses
Título:	Drupal AES Encryption Module Information Disclosure Vulnerability (SA-CONTRIB-2011-005) - Active Check
Resumen:	Drupal AES Encryption Module is prone to an information; disclosure vulnerability.
Descripción:	Summary: Drupal AES Encryption Module is prone to an information disclosure vulnerability. Vulnerability Insight: Due to a piece of code used for debugging mistakenly left in the release, the plain text password of the user who last logged in is written to a text file in the Drupal root directory. This file is remotely accessible. Vulnerability Impact: An attacker with the knowledge of which user last logged in may access that user's account. Affected Software/OS: Drupal AES Encryption Module 7.x-1.4 is known to be affected. Older versions may be affected as well. Solution: Update to Drupal AES Encryption Module 7.x-1.5 or later and remove the reported file from the remote system. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0899 BugTraq ID: 46116 http://www.securityfocus.com/bid/46116 http://osvdb.org/70767 http://secunia.com/advisories/43185 XForce ISS Database: aes-module-information-disclosure(65112) https://exchange.xforce.ibmcloud.com/vulnerabilities/65112
Copyright	Copyright (C) 2011 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.