Forums | Mahara Community

Security issue relating to session management <15.04.7, <15.10.3

Aaron Wells

03 May 2016, 1:20 PM

Changes to Mahara's session management in 15.04.0 were discovered to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.

Category: Sessions
Severity: Medium
Versions affected: <15.04.7, <15.10.3

Reported by: Aaron Wells

Bug reports:

CVE reference: 2017-1000150

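Added example, not part of the original announcement and not Mahara code: a regression check for the property the advisory describes, that the session ID must change on login and on logout. `SessionApp` is a constructed in-memory stand-in for a site's session layer, and all names in it are hypothetical; `regenerate=False` models the affected behaviour.

```python
import secrets


class SessionApp:
    """Constructed in-memory stand-in for a session layer (assumption, not Mahara code)."""
    def __init__(self, regenerate):
        self.regenerate = regenerate   # False models the behaviour in the advisory
        self.sessions = {}             # session ID -> logged-in user, or None

    def visit(self, sid=None):
        # Anonymous request: keep a known session ID, otherwise issue a new one.
        if sid not in self.sessions:
            sid = secrets.token_hex(16)
            self.sessions[sid] = None
        return sid

    def _rotate(self, sid):
        """Retire the old ID and return a fresh one when regeneration is on."""
        if not self.regenerate:
            return sid
        self.sessions.pop(sid, None)
        return secrets.token_hex(16)

    def login(self, sid, user):
        sid = self._rotate(self.visit(sid))
        self.sessions[sid] = user
        return sid

    def logout(self, sid):
        sid = self._rotate(self.visit(sid))
        self.sessions[sid] = None
        return sid

    def user_for(self, sid):
        return self.sessions.get(sid)


def check_rotation(app, user="alice"):
    """Return a list of findings; an empty list means IDs rotate as expected."""
    findings = []
    pre = app.visit()
    authed = app.login(pre, user)
    if authed == pre:
        findings.append("session ID unchanged across login")
    if app.user_for(pre) is not None:
        findings.append("pre-login session ID is authenticated after login")
    post = app.logout(authed)
    if post == authed:
        findings.append("session ID unchanged across logout")
    return findings
```

The same three assertions can be pointed at a real site by replacing `SessionApp` with a client that reads the session cookie before login, after login and after logout.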