Forums | Mahara Community

Security Announcements /
Security issue relating to User Authorization and expired institutions <15.04.8, <15.10.4, <16.04.2


Aaron Wells's profile picture
Posts: 896

11 July 2016, 4:57 PM

Some authentication methods that do not use Mahara's built-in login form, were still allowing users to log in even if their institution was expired or suspended.

Category: User Authorization
Severity: High
Versions affected: <15.04.8, <15.10.4, <16.04.2
Reported by: Robert Lyon
Bug reports: https://bugs.launchpad.net/mahara/+bug/1580399
CVE reference: 2017-1000154

Edits to this post:
1 result