Forums | Mahara Community
Security issues relating to passwords <1.7.7, <1.8.4, <1.9.2
01 August 2014, 12:13
Mahara institutions that use LDAP for authentication with a mis-configured configuration can cause users passwords to be recorded in the log files under certain circumstances.
Category: Password security
Versions Affected: <1.7.7, <1.8.4, <1.9.2
Reported by: Craig Miskell
Bug report: https://bugs.launchpad.net/mahara/+bug/1009262
CVE reference: CVE-2010-5311
We very strongly recommend that all Mahara administrators using LDAP upgrade to the latest version: 1.7.7, 1.8.4, or 1.9.2 and alert their users to change their LDAP password.
Download links for fixed version:
[Update from Kristina to add CVE reference]
Edits to this post:
- Kristina Hoeppner - 24 November 2014, 13:32