Security issue relating to Access control and session cookies <15.04.15, <16.04.9, <16.10.6, <17.04.4

30 October 2017, 14:34

Old session cookies can be used to access an account under certain conditions.

Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user's account being accessed with old session cookies if the user closed the browser rather than logging out.

Reported by Mushraf Mustafa
Bug report:
CVE: CVE-2017-14163

