Unrated severityNVD Advisory· Published Feb 7, 2011· Updated Jun 16, 2026
CVE-2011-0899
CVE-2011-0899
Description
The AES encryption module 7.x-1.4 for Drupal leaves certain debugging code enabled in release, which records the plaintext password of the last logged-in user and allows remote attackers to gain privileges as that user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:johan_lindskog:aes_encryption_module:7.x-1.4:*:*:*:*:*:*:*
- Range: <= 7.x-1.4
Patches
Vulnerability mechanics
References
6- drupal.org/node/1040728nvdPatch
- drupal.org/node/1048998nvdPatchVendor Advisory
- www.securityfocus.com/bid/46116nvdPatch
- secunia.com/advisories/43185nvdVendor Advisory
- osvdb.org/70767nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/65112nvd
News mentions
0No linked articles in our index yet.