Drupal AES Encryption Module Information Disclosure Vulnerability

Summary
The host is running Drupal AES Encryption Module and is prone to information disclosure vulnerability.
Impact
Successful exploitation will allow attacker to obtain sensitive information that could aid in further attacks. Impact Level: Application
Solution
Upgarade to Drupal AES Encryption Module 7.x-1.5 or later. For updates refer to http://drupal.org/node/1040728
Insight
The flaw is triggered when the module saves user passwords in a text file, which will disclose the password to a remote attacker who directly requests the file.
Affected
Drupal AES Encryption Module 7.x-1.4
References