Vigil@nce - Drupal Instagram Block: credentials interception
September 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can listen to the activity of Drupal Instagram Block,
in order to steal credentials.
Impacted products: Drupal Modules not comprehensive.
Severity: 2/4.
Creation date: 07/07/2016.
DESCRIPTION OF THE VULNERABILITY
The Instagram Block module can be installed on Drupal.
This module authenticates against the Web application
Instagram.However, the credentials are not sufficiently protected
and the module does not notify the end user of all the risks.
An attacker can therefore listen to the activity of Drupal
Instagram Block, in order to steal credentials.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Drupal-Instagram-Block-credentials-interception-20037