Forums | Mahara Community

Security Announcements /
Security issues relating to passwords <1.7.7, <1.8.4, <1.9.2


This topic is closed. Only moderators and the group administrators can post new replies.
Robert Lyon's profile picture
Posts: 617

01 August 2014, 12:13

Mahara institutions that use LDAP for authentication with a mis-configured configuration can cause users passwords to be recorded in the log files under certain circumstances.

Category: Password security
Severity: Critical
Versions Affected: <1.7.7, <1.8.4, <1.9.2
Reported by: Craig Miskell
Bug report: https://bugs.launchpad.net/mahara/+bug/1009262
CVE reference: CVE-2010-5311

We very strongly recommend that all Mahara administrators using LDAP upgrade to the latest version: 1.7.7, 1.8.4, or 1.9.2 and alert their users to change their LDAP password.

Download links for fixed version:

    https://launchpad.net/mahara/+milestone/1.7.7
    https://launchpad.net/mahara/+milestone/1.8.4
    https://launchpad.net/mahara/+milestone/1.9.2

[Update from Kristina to add CVE reference]

Edits to this post:
1 result