RETIRED: Drupal Realname User Reference Widget Module Information Disclosure Vulnerability

RETIRED: Drupal Realname User Reference Widget Module Information Disclosure Vulnerability

The Drupal 'Realname User Reference Widget' module is prone to an information-disclosure vulnerability because it fails to adequately restrict access to sensitive information.

To exploit this issue, attackers require 'access content' permissions, which may be granted with anonymous access.

Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.

Realname User Reference Widget 6.x-1.0 is vulnerable; other versions may also be affected.

RETIRED (March 1, 2010): This BID describes intended behavior; it is being retired.