Forums | Mahara Community
Security Announcements
Security issue relating to session management <15.04.7, <15.10.3
03 May 2016, 13:20
Changes to Mahara's session management in 15.04.0 were discovered to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.
Category: Sessions
Severity: Medium
Versions affected: <15.04.7, <15.10.3
Reported by: Aaron Wells
Bug reports: https://bugs.launchpad.net/mahara/+bug/1567784
CVE reference: 2017-1000150
Edits to this post:
- Kristina Hoeppner - 07 November 2017, 13:05
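
The property this announcement describes, modelled as an added example that is not Mahara's code: a toy in-memory session store in which `SessionStore`, `ids_rotate` and the user name are all constructed for illustration. With regeneration switched off, the ID a browser held before login stays valid afterwards, which is the behaviour reported here; with it switched on, the regression check passes.

```python
import secrets


class SessionStore:
    """Toy in-memory session store (constructed for this example)."""

    def __init__(self, regenerate_on_auth_change):
        self.regenerate = regenerate_on_auth_change
        self.sessions = {}  # session ID -> session data

    def start(self):
        """Issue a fresh anonymous session, as on a first page view."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": None}
        return sid

    def _rotate(self, sid):
        """Move the data to a new ID and invalidate the old one."""
        new_sid = secrets.token_hex(16)
        self.sessions[new_sid] = self.sessions.pop(sid)
        return new_sid

    def login(self, sid, user):
        if self.regenerate:
            sid = self._rotate(sid)
        self.sessions[sid]["user"] = user
        return sid

    def logout(self, sid):
        if self.regenerate:
            sid = self._rotate(sid)
        self.sessions[sid]["user"] = None
        return sid

    def user_for(self, sid):
        return self.sessions.get(sid, {}).get("user")


def ids_rotate(store):
    """Regression check: the ID must change at login and at logout, and
    neither the pre-login nor the pre-logout ID may remain usable."""
    anon = store.start()
    authed = store.login(anon, "alice")
    after = store.logout(authed)
    return (anon != authed and authed != after
            and store.user_for(anon) is None
            and authed not in store.sessions)
```

The same check can be run against a real deployment by comparing the session cookie value before and after login and logout.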