Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2012-0825 - Vulnerability Database
Drupal

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2012-0825

Medium
Reference: CVE-2012-0825
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-0825
Title: Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.