Forums | Mahara Community

Security Announcements /
Security issue logging passwords during full event logging <17.04.2, <16.10.4, <16.04.7, <15.04.13


Robert Lyon's profile picture
Posts: 344

25 May 2017, 7:11 PM

Recording plain text passwords in event_log table during the user creation process was happening if full event logging
was turned on.

Category: Password security
Severity: High
Versions affected: <17.04.2, <16.10.4, <16.04.7, <15.04.13
Reported by: Robert Lyon
Bug reports: https://bugs.launchpad.net/mahara/+bug/1692749
CVE reference: 2017-1000157

Edits to this post:
1 result