Forums | Mahara Community
Security Announcements
Security issue relating to passwords <15.04.9, <15.10.5, <16.04.3
08 August 2016, 17:40
Under some error logging settings, Mahara prints a stack trace to its error logs that includes the values of the parameters passed to each function in the stack. Earlier patches attempted to keep password strings out of this printout, but passwords or other sensitive information passed via unusual parameter names could still end up in the error logs. (No specific cases of this happening in Mahara's standard distribution are known, however.)
Category: Password security
Severity: Medium
Versions Affected: <15.04.9, <15.10.5, <16.04.3
Reported by: Aaron Wells
Bug report: https://bugs.launchpad.net/mahara/+bug/1570221
CVE reference: 2017-1000151
We recommend that all Mahara administrators upgrade to the latest version: 15.04.9, 15.10.5, or 16.04.3.
Edits to this post:
- Kristina Hoeppner - 07 November 2017, 16:32
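The following PHP sketch is an added example, not Mahara's code and not taken from the patch. It shows why hiding stack-trace arguments by parameter name is fragile, next to a renderer that never writes argument values. The function names, the parameter names, the denylist and the sample secret are all constructed for illustration.

```php
<?php
// Added illustration: every name below is hypothetical, not Mahara's API.
const SENSITIVE_NAMES = ['password', 'passwd', 'pw']; // constructed denylist

// Weak: an argument is hidden only when its declared parameter name is listed.
function render_by_name(array $trace): array {
    $lines = [];
    foreach ($trace as $frame) {
        $params = (new ReflectionFunction($frame['function']))->getParameters();
        $shown = [];
        foreach ($frame['args'] ?? [] as $i => $value) {
            $name = isset($params[$i]) ? $params[$i]->getName() : "arg$i";
            $hide = in_array(strtolower($name), SENSITIVE_NAMES, true);
            $shown[] = '$' . $name . '=' . ($hide ? '***' : var_export($value, true));
        }
        $lines[] = $frame['function'] . '(' . implode(', ', $shown) . ')';
    }
    return $lines;
}

// Safer: log only the type of each argument, never its value.
function render_types_only(array $trace): array {
    $lines = [];
    foreach ($trace as $frame) {
        $types = array_map('gettype', $frame['args'] ?? []);
        $lines[] = $frame['function'] . '(' . implode(', ', $types) . ')';
    }
    return $lines;
}

// Returns only the stack frame of the function that called capture().
function capture(): array {
    return array_slice(debug_backtrace(), 1, 1);
}

// Two constructed callers: one uses a listed name, one an unusual name.
function check_login(string $username, string $password): array { return capture(); }
function verify_token(string $username, string $secretvalue): array { return capture(); }

$secret = 'hunter2-constructed'; // constructed sample value
foreach ([check_login('alice', $secret), verify_token('alice', $secret)] as $trace) {
    echo implode("\n", render_by_name($trace)), "\n";    // leaks $secretvalue
    echo implode("\n", render_types_only($trace)), "\n"; // values never printed
}
```

Calling `debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS)` goes one step further and omits the arguments from the trace at capture time.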