Forums | Mahara Community

Security Announcements /
Security issue relating to User Authorization and XMLRP (MNet) <15.04.8, <15.10.4, <16.04.2


Aaron Wells's profile picture
Posts: 896

11 July 2016, 4:45 PM

When Mahara is used for the identity provider in MNet (XMLRPC) single-signon, logging out of one of the service providers after SSO should have also resulted in logging out from Mahara. But it did not, because Mahara did not properly implement one of the MNet SSO api functions.

Category: User Authorization
Severity: Medium
Versions affected: <15.04.8, <15.10.4, <16.04.2
Reported by: Hugh Davenport
Bug reports: https://bugs.launchpad.net/mahara/+bug/1084336
CVE reference: 2017-1000131

Edits to this post:
1 result