CVE-2012-2296 Information

Description

The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability.

Reference

http://drupal.org/node/1515114 http://drupal.org/node/1515120 http://drupal.org/node/1515282 http://www.openwall.com/lists/oss-security/2012/04/10/12 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/74616