Forums | Mahara Community

Security Announcements /
Security issues relating to passwords <1.7.7, <1.8.4, <1.9.2

This topic is closed. Only moderators and the group administrators can post new replies.
Robert Lyon's profile picture
Posts: 710

01 August 2014, 12:13

Mahara institutions that use LDAP for authentication with a mis-configured configuration can cause users passwords to be recorded in the log files under certain circumstances.

Category: Password security
Severity: Critical
Versions Affected: <1.7.7, <1.8.4, <1.9.2
Reported by: Craig Miskell
Bug report:
CVE reference: CVE-2010-5311

We very strongly recommend that all Mahara administrators using LDAP upgrade to the latest version: 1.7.7, 1.8.4, or 1.9.2 and alert their users to change their LDAP password.

Download links for fixed version:

[Update from Kristina to add CVE reference]

Edits to this post:

1 result