Forums | Mahara Community

Security Announcements /
Unsafe authentication plugin options in Mahara 1.0.14, 1.1.8 and 1.2.4


This topic is closed. Only moderators and the group administrators can post new replies.
François Marier's profile picture
Posts: 411

02 July 2010, 0:08

Category: Unsafe auth plugin options
Severity: Low
Versions affected: < 1.0.15, < 1.1.9, < 1.2.5
Reported by: Gregor Anzelj
Identifier: CVE-2010-1670

While the default Mahara configuration is safe, the Mahara team was notified by Gregor Anzelj that it was possible to accidentally configure authentication plugins such that it would be possible to log into anybody's account without a password.

Upgrading to Mahara 1.0.15, 1.1.9 or 1.2.5 is recommended for anybody who has changed the default authentication plugin settings.

1 result