Forums | Mahara Community

Security Announcements /
Security issue relating to incorrect redirect <16.10.7; <17.04.5; <17.10.2

This topic is closed. Only moderators and the group administrators can post new replies.
Robert Lyon's profile picture
Posts: 767

17 January 2018, 17:14

Needing the HTTP Strict Transport Security (HSTS) header when site is https

Vuln type: man-in-the-middle attack
Impact: Redirection to incorrect site

Mahara 16.10 before 16.10.7, 17.04 before 17.04.5 and 17.10 before 17.10.2 using https are vulnerable to users going to incorrect http site.

Reported by: Kirtikumar Anandrao Ramchandani
Bug report:
CVE number: CVE-2017-17455

Edits to this post:

1 result